diff options
25 files changed, 1108 insertions, 3082 deletions
diff --git a/kerberosV/src/ChangeLog b/kerberosV/src/ChangeLog index a228b4f332d..8f3f512dfa4 100644 --- a/kerberosV/src/ChangeLog +++ b/kerberosV/src/ChangeLog @@ -1,1162 +1,157 @@ -2006-02-03 Love Hörnquist Ã…strand <lha@it.su.se> +2001-02-05 Assar Westerlund <assar@assaris.sics.se> - * Release 0.7.2 + * Release 0.3e - * lib/krb5/Makefile.am: install krb5_set_password.3 - - * tools/krb5-config.in: Depend on LIB_dlopen - - * tools/Makefile.am: Depend on LIB_dlopen - - * lib/krb5/rd_req.c: 1.60: (krb5_verify_ap_re2): check timestamp - in authenticator - - * kcm/connect.c: 1.18: (kcm_loop): Use HAVE_DOOR_CREATE, not - HAVE_DOORS. 1.17: (update_client_creds): in case there is no - UCRED_VERSION, skip LOCAL_PEERCRED - - * lib/krb5/keytab_memory.c: 1.8: (mkt_remove_entry): realloc can - return NULL on success in the case 0 entries are allocated, From - Andrew Bartlet - -2005-11-02 Love Hörnquist Ã…strand <lha@it.su.se> - - * kcm/headers.h: 1.7: Maybe include <sys/param.h>. - -2005-10-30 Love Hörnquist Ã…strand <lha@it.su.se> - - * configure.in: 1.378: Check for <sys/ucred.h>. - - * kcm/headers.h: 1.6: Maybe include <sys/param.h>. 1.5: include - <sys/ucred.h> - -2005-10-26 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/krb5_encrypt.3: 1.16: Fix mdoc for - krb5_encrypt_EncryptedData, Johnny Lam <jlam@pkgsrc.org> - -2005-10-22 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/rd_cred.c: 1.26: (krb5_rd_cred): try both the session - key and the sender subkey. Both RFC1510 and RFC4120 say that you - have to use the session key, Heimdal uses subkey. - -2005-10-21 Love Hörnquist Ã…strand <lha@it.su.se> - - * kcm/connect.c: 1.16: * kcm/connect.c: fix arguments to kcm_log() - when reporting sendmsg() error * kcm/connect.c: don't send socket - address in msghdr, it returns an already connected error on Linux - -2005-10-12 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/init_creds_pw.c: Rename private to opt_private. - - * lib/krb5/init_creds.c: Rename private to opt_private. - - * lib/krb5/krb5.h: 1.238: (krb5_get_init_creds_opt): rename - element private to opt_private to make c++ picky compilers less - upset. - -2005-09-09 Love Hörnquist Ã…strand <lha@it.su.se> - - * Release 0.7.1 - - * lib/krb5/kuserok.c: 1.14: (check_directory): use passed - directory name - -2005-08-11 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/crypto.c: 1.124: (wrapped_length): the underived - encrypted types checksum are all unkeyed (matches the code in - encrypt_internal() and encrypt_internal_special()) - -2005-08-09 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/hdb/db3.c: 1.16: (DB_open): catch errors from the d->open - calls instead of letting them slip though to d->cursor. Bug - repport from Andrew Bartlett <abartlet@samba.org> 1.15: (DB_open): - in case of error, close database - -2005-08-08 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/hdb/mkey.c (hdb_seal_key_mkey): if mknvo isn't set, the - caller want the latest mkvno, go search for it. - -2005-07-26 Love Hörnquist Ã…strand <lha@it.su.se> - - * kdc/524.c: 1.32: Always include <krb5-v4compat.h>. - -2005-07-13 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/get_cred.c: 1.108: (krb5_get_credentials_with_flags): - only call krb5_cc_retrieve_cred once, and plug memory leak. - - * lib/krb5/rd_cred.c (krb5_rd_cred): don't leak memory - -2005-06-15 Love Hörnquist Ã…strand <lha@it.su.se> - - * Release 0.7 - - * kdc/kerberos5.c (make_etype_info2_entry): NUL terminate the - string - - * lib/krb5/cache.c: 1.70: (_krb5_expand_default_cc_name): replace - strndup with inline copy - - * kdc/kerberos5.c: 1.176: replace strndup with inline copy, free - data on failure - -2005-06-14 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/Makefile.am: TESTS += test_mem libkrb5_la_SOURCES += - kcm.h - - * kuser/kinit.c (main): catch KRB5_CONFIG_BADFORMAT from - krb5_init_context - - * kdc/main.c (main): catch KRB5_CONFIG_BADFORMAT from - krb5_init_context - - * lib/krb5/verify_krb5_conf.c (main): catch KRB5_CONFIG_BADFORMAT - from krb5_init_context From: Mathias Feiler - <feiler@uni-hohenheim.de> - - * lib/krb5/verify_krb5_conf.c: Add more missig entires, from - Mathias Feiler <feiler@uni-hohenheim.de> - -2005-06-11 Love Hörnquist Ã…strand <lha@it.su.se> - - * kdc/pkinit.c (pk_principal_from_X509): remember to free - KRB5PrincipalName - - * lib/krb5/log.c (krb5_closelog): free all content in - krb5_log_facility - -2005-06-08 Love Hörnquist Ã…strand <lha@it.su.se> - - * kdc/524.c: init kvno to please gcc - - * kdc/kaserver.c (do_authenticate): check return value from - unparse_auth_args - -2005-06-07 Dave Love <fx@gnu.org> - - * doc/setup.texi: Spelling. - - * doc/programming.texi: Spelling. - -2005-06-02 Dave Love <fx@gnu.org> - - * kcm/connect.c (kcm_door_server): Make static. - - * kcm/kcm_locl.h (disallow_getting_krbtgt): Declare. - -2005-06-02 Love Hörnquist Ã…strand <lha@it.su.se> - - * kdc/mit_dump.c (mit_prop_dump): cast argument to - krb5_parse_principal to avoid warning - - * kdc/mit_dump.c: rename KRB5_TL_MOD_PRINC to - mit_KRB5_TL_MOD_PRINC to hint its a constant originating from mit - codebase - -2005-06-01 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/store.c: If we are allocating 0 entires, avoid failing - if ALLOC returns NULL - - * lib/krb5/verify_krb5_conf.c: Check for [kdc]v4-realm - - * lib/krb5/cache.c: When returning a new error code, set error - string. - -2005-05-31 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/keytab_file.c: Adapt to changed signature of - _krb5_xunlock, clear more error string where needed. - - * lib/krb5/fcache.c (_krb5_xunlock): catch the error and turn it - into something sensable - -2005-05-30 Love Hörnquist Ã…strand <lha@it.su.se> - - * kdc/kerberos5.c (tgs_make_reply): copy ok-as-delegate flag from - server entry to encrypted ticket flags - -2005-05-30 Johan Danielsson <joda@pdc.kth.se> - - * kdc/connect.c: rename sendlength to prependlength (which - hopefully better represents its purpose), and change type to - krb5_boolean - - * kdc/connect.c: log signal causing exit - - * kdc/main.c (sigterm): set exit_flag to signal causing exit; - (main): trap SIGXCPU - -2005-05-30 Love Hörnquist Ã…strand <lha@it.su.se> - - * kcm/kcm.8: document --disallow-getting-krbtgt and --door-path - - * kcm/protocol.c (kcm_op_retrieve): check server for krbtgt, not - client - - * kcm/main.c: ignore SIGPIPE - - * kcm/protocol.c: Add option to disallow getting krbtgt out from - from KCM. KCM will do the fetching part itself. - - * kcm/config.c: Add option to disallow getting krbtgt out from - from KCM. KCM will do the fetching part itself. - -2005-05-30 Luke Howard <lukeh@padl.com> - - * kcm/events.c: if credentials have expired when attempting - to renew, attempt to reacquire them using initial creds - -2005-05-29 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/krb5_principal.3: Spelling, from Björn Sandell - - * doc/setup.texi: spelling, from Björn Sandell - - * lib/krb5/name-45-test.c: XXX don't run the test unless the - machine is in kth.se or su.se because it depends on local resolver - configuration. - - * lib/hdb/hdb.c: provde RTLD_NOW and RTLD_GLOBAL if they don't - exists - - * kcm/connect.c: fix doors support, fix signedness warnings - - * kcm/config.c: add --door-path= - - * configure.in: comment what the "detect doors on solaris" - fragment tries to do - - * kcm/acquire.c (generate_random_pw): fix signed-ness warnings - - * kcm/connect.c (update_client_creds): fix compile error in the - getpeerucred case - - * lib/krb5/test_cc.c: change format for expantion variables in - default_cc_name to %{variable} to not confuse them with shell - ditto - - * kcm/headers.h: Maybe include <door.h>. - - * kcm/kcm_locl.h: add extern door_path; - - * configure.in: detect doors using door_create - - * kcm/Makefile.am: add dependcy on kcm_protos.h add lib depency on - LIB_door_create - - * lib/krb5/kcm.h: add _PATH_KCM_DOOR, default path to kcm door - - * lib/krb5/kcm.c: use [libdefaults]kcm_door to find the door to - kcm - - * lib/krb5/Makefile.am: libkrb5_la_LIBADD += LIB_door_create - - * lib/krb5/krb5_locl.h: Maybe include <sys/mman.h>, maybe include - <door.h>. +2001-01-30 Assar Westerlund <assar@sics.se> - * lib/krb5/kcm.c (kcm_send_request): add support for doing a door - call to kcm + * kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key + properly + (kdb_prop): decrypt key properly + * kdc/hprop.c: handle building with KRB4 always try to decrypt v4 + data with the master key leave it up to the v5 how to encrypt with + that master key - * lib/asn1: prefix Der_class with ASN1_C_ to avoid problems with - system headerfiles that pollute the name space + * kdc/kstash.c: include file name in error messages + * kdc/hprop.c: fix a typo and check some more return values + * lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s + correctly. From Jacques Vidrine <n@nectar.com> + * kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than + ENOENT - * kcm/kcm.8: change format for expantion variables in - default_cc_name to %{variable} to not confuse them with shell - ditto + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to + 15:0:0 + * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0 + * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2 + * kdc/misc.c (db_fetch): return an error code. change callers to + look at this and try to print it in log messages - * lib/krb5/krb5.conf.5: change format for expantion variables in - default_cc_name to %{variable} to not confuse them with shell - ditto + * lib/krb5/crypto.c (decrypt_internal_derived): check that there's + enough data - * lib/krb5/cache.c (_krb5_expand_default_cc_name): change format - for expantion variables to %{variable} to not confuse them with - shell ditto - - * kcm/connect.c: add LOCAL_PEERCRED and experimental doors support - -2005-05-27 Love Hörnquist Ã…strand <lha@it.su.se> - - * appl/kf/kfd.c: case uid_t to unsigned long in printf format - -2005-05-25 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/krb5_auth_context.3: remove trailing space - -2005-05-24 Love Hörnquist Ã…strand <lha@it.su.se> - - * kcm/connect.c (do_request): use sendmsg to send the reply - - * fix-export: add make_proto for kcm/kcm_protos.h - - * kcm/kcm_locl.h: remove prototypes and add <kcm_protos.h> - - * kcm/Makefile.am (kcm_SOURCES): add headerfiles - (kcm_protos.h): generate prototypes - - * kcm/protocol.c: fix error in last commit, use right function - - * kcm/headers.h: include <ucred.h> if we have getpeerucred - - * configure.in: check for functions getpeerucred and getpeereid - - * kcm/connect.c (update_client_creds): add support for - getpeerucred and getpeereid - - * lib/krb5/kcm.c (kcm_alloc): allow kcm socket to be configured by - [libdefaults]kcm_socket=/path - -2005-05-24 David Love <fx@gnu.org> - - * kcm/kcm.8: KRB5CCNAME needs an literal uid, not ${uid}, spelling - -2005-05-23 Love Hörnquist Ã…strand <lha@it.su.se> - - * kcm/protocol.c: Merge the description and function jumptables - into one structure. Use the length of the array when checking if - opcode is value, not a constant. - - * kcm/kcm_locl.h: struct kcm_op: jumptable structure - - * kcm/main.c: move declaration of detach_from_console away from - here to kcm_locl.h, Don't test HAVE_DAEMON since roken supplies it. - - * kcm/kcm_locl.h: move declaration of detach_from_console here - - * kdc/config.c: Don't test HAVE_DAEMON since roken supplies it. - -2005-05-23 Dave Love <fx@gnu.org> - - * kcm/config.c: Don't test HAVE_DAEMON since roken supplies it. - - * kdc/main.c: Don't test HAVE_DAEMON since roken supplies it. - -2005-05-23 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/krb5_keytab.3: document WRFILE and JAVA14 - -2005-05-20 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/krbhst.c (srv_get_hosts): if srv_get_hosts failes, - return and ignore the error - - * lib/krb5/krbhst.c (srv_find_realm): make sure `res' and `count' - have good values - - * lib/krb5/test_keytab.c: tests all keytab format - -2005-05-19 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): non non asn1 decoding - errors, fail. Make sure we free memory on error. - (pk_verify_chain_standard): make sure we provide good errors. - - * lib/krb5/verify_krb5_conf.c: add missing options, prompted by - James F. Hranicky mail to heimdal-discuss - - * lib/krb5/verify_krb5_conf.c: add pkinit and password quailty - check options - - * lib/krb5/pkinit.c (pk_verify_chain_standard): store better error - message in the context for certificate errors. - - * lib/krb5/keytab.c (krb5_kt_free_entry): zero out content of all - krb5_free_x_content like functions to make sure data doesnt get - reused, idea from Wynn Wilkes <wwilkes@vintela.com> - - * configure.in: depend on automake 1.8, we don't test anything - older - - * lib/krb5/init_creds_pw.c (process_pa_data_to_md): add comment - that the caller always free out_md; remove comment about memory, - it doesn't happen. - (init_cred_loop): free ctx->as_req.padata when its reset (From Wynn - Wilkes <wwilkes@vintela.com>), move a comment close the the code - - * lib/krb5/keytab_krb4.c (fkt_remove_entry): need to call - krb5_kt_free_entry after each krb5_kt_next_entry. - - * lib/krb5/keytab_file.c (fkt_remove_entry): need to call - krb5_kt_free_entry after each fkt_next_entry_int. From: Wynn - Wilkes <wwilkes@vintela.com> - -2005-05-18 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/Makefile.am: TESTS += test_keytab - - * lib/krb5/keytab_krb4.c (krb4_kt_remove_entry): plug memory leaks, - avoid crashing on empty keytab - - * lib/krb5/krb5_keytab.3: document behavior of - krb5_kt_remove_entry - - * lib/krb5/keytab_memory.c (mkt_remove_entry): check if there - isn't any entries in the keytab before removing any since that - leads to bad pointer arithmetic and crashing. From: Wynn Wilkes - <wwilkes@vintela.com>. Make the function return KRB5_KT_NOTFOUND - if the entry wasn't in the keytab (just like the filebased - keytab). - - * lib/krb5/test_keytab.c: test memory corruption in MEMORY keytab - - * lib/krb5{addr_families,context,creds,free,keyblock, - mit_glue,rd_error}.c:zero out content of all krb5_free_x_content - like functions to make sure data doesnt get reused, idea from - Wynn Wilkes <wwilkes@vintela.com> - - * lib/krb5/krb5_get_credentials.3: document KRB5_GC_EXPIRED_OK - - * lib/krb5/krb5.3: add krb5_cc_new_unique - -2005-05-17 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/fcache.c (fcc_get_first): check return value from - malloc, memset the structure, make sure cursor doesn't point to - freed memory on failure. From: Wynn Wilkes <wwilkes@vintela.com> - - * lib/krb5/krb5_auth_context.3: document - KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED +2001-01-29 Assar Westerlund <assar@sics.se> - * lib/krb5/get_cred.c: Remove expired credentials, based on - patches and comments from Anders Magnusson <ragge@ltu.se> and Wynn - Wilkes <wwilkes@vintela.com> + * kdc/hprop.c (realm_buf): move it so it becomes properly + conditional on KRB4 - * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): honor - KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED and create unencrypted - (ENCTYPE_NULL) credentials. for use with old mit server and java based - ones as they can't handle encrypted KRB-CRED. Note that the option - needs to turned on because if the consumer sends the KRB-CRED in - clear bad things will happen. + * lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey, + hdb_unseal_keys, hdb_seal_keys): check that we have the correct + master key and that we manage to decrypt the key properly, + returning an error code. fix all callers to check return value. - * lib/krb5/context.c (krb5_init_context): register krb5_javakt_ops + * tools/krb5-config.in: use @LIB_des_appl@ + * tools/Makefile.am (krb5-config): add LIB_des_appl + * configure.in (LIB_des): set correctly + (LIB_des_appl): add for the use by krb5-config.in - * lib/krb5/krb5.h: KRB5_GC_EXPIRED_OK: expired credentials is ok - to return from krb5_get_credentials. - KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED: make forward credentials - be unencrypted, for compatibility with mit kerberos and java - kerberos. krb5_javakt_ops: export + * lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write} + to make sure of not dropping data when doing it over a socket. + (this might break when used with ordinary files on win32) -2005-05-16 Love Hörnquist Ã…strand <lha@it.su.se> + * lib/hdb/hdb_err.et (NO_MKEY): add - * lib/krb5/keytab_file.c: Add new keytab file format JAVA14 that - doesn't the use extended kvnos, as hinted, this is needed for - Java's Kerberos implementation. - -2005-05-10 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/pkinit.c: handle pkinit-9, pkinit-19, and pkinit-25 - enckey, still no DH - - * kdc/pkinit.c: handle pkinit-9, pkinit-19, and pkinit-25 enckey, - still no DH + * kdc/kerberos5.c (as_rep): be paranoid and check + krb5_enctype_to_string for failure, noted by <lha@stacken.kth.se> - * kdc/kerberos5.c (as_rep): search for pkinit-9, pkinit-19, and - pkinit-25 pa-data, return empty pkinit pa-data in the - PREAUTH_REQUIRED krb-error - - * doc/ack.texi: add pkinit people - - * lib/krb5/krb5_storage.3: document krb5_storage_is_flags - - * lib/krb5/{krb5_compare_creds.3,krb5_get_init_creds.3, - krb5_krbhst_init.3,krb5_storage.3}: - make more pretty, from Björn Sandell - -2005-05-09 Dave Love <fx@gnu.org> - - * doc/setup.texi: Fix and clarify password quality check examples. - -2005-05-09 Love Hörnquist Ã…strand <lha@it.su.se> + * lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3, + lib/krb5/krb5_auth_context.3: add new man pages, contributed by + <lha@stacken.kth.se> - * lib/krb5/kuserok.c (krb5_kuserok): use POSIX_GETPWNAM_R instead - of HAVE_GETPWNAM_R From: Dave Love <d.love@dl.ac.uk> + * use the openssl api for md4/md5/sha and handle openssl/*.h -2005-05-07 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/addr_families.c (krb5_print_address): catch when the - unknown adress don't fit. From Björn Sandell <biorn@dce.chalmers.se> - -2005-05-05 Dave Love <d.love@dl.ac.uk> - - * configure.in: fix type right test, include <termios.h> for - sys/strtty.h, not sys/ptyvar.h - -2005-05-05 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/krb5.conf.5: spelling - -2005-05-04 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/krb5.conf.5: expand on what "trailing component" means - -2005-05-04 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/rd_cred.c: put address comparison in separate function - - * lib/krb5/krb5_kuserok.3: check the user's ~/.k5login.d directory - for access files, all of which is handled like the regular - ~/.k5login - - * lib/krb5/kuserok.c: check the user's ~/.k5login.d directory for - access files, all of which is handled like the regular ~/.k5login - -2005-05-03 Love Hörnquist Ã…strand <lha@it.su.se> + * kdc/kaserver.c (do_getticket): check length of ticket. noted by + <lha@stacken.kth.se> - * doc/ack.texi: Clearify what version of libdes we are using and - who's code in it we are using. - - * kcm/kcm.8: more text about usage - - * kcm/Makefile.am: man_MANS += kcm.8 +2001-01-28 Assar Westerlund <assar@sics.se> - * kcm/kcm.8: initial manpage + * configure.in: send -R instead of -rpath to libtool to set + runtime library paths - * configure.in: if we have a $srcdir/lib/asn1/pkcs12.asn1, define - PKINIT - -2005-05-02 Dave Love <fx@gnu.org> + * lib/krb5/Makefile.am: remove all dependencies on libkrb - * configure.in: sys/tty.h (for sys/ptyvar.h) might need termios.h. +2001-01-27 Assar Westerlund <assar@sics.se> -2005-05-02 Love Hörnquist Ã…strand <lha@it.su.se> + * appl/rcp: add port of bsd rcp changed to use existing rsh, + contributed by Richard Nyberg <rnyberg@it.su.se> - * tools/krb5-config.in: add com_err to required libs - - * lib/krb5/pkinit.c (krb5_ui_method_read_string): use the fill in - length +2001-01-27 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/init_creds_pw.c: Now that we fixed the signed-ness of - nonce for windows, remove the code that removed the signed - bit. Instead add comment that they still need to be the same - (Kerberos protocol nonce and pk-init nonce) for Windows. - -2005-05-02 David Love <fx@gnu.org> + * lib/krb5/get_port.c: don't warn if the port name can't be found, + nobody cares anyway - * lib/krb5/crypto.c: Don't declare des_salt &c as static with - incomplete type (invalid in c89, at least). - -2005-05-02 Love Hörnquist Ã…strand <lha@it.su.se> +2001-01-26 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/krb5_locl.h: include <crypt.h> + * kdc/hprop.c: make it possible to convert a v4 dump file without + having any v4 libraries; the kdb backend still require them -2005-05-02 David Love <fx@gnu.org> + * kdc/v4_dump.c: include shadow definition of kdb Principal, so we + don't have to depend on any v4 libraries - * kcm/connect.c (init_socket): rename variable sun to un to avoid - namespace collision. - (handle_stream): Cast arg of krb5_warnx. + * kdc/hprop.h: include shadow definition of kdb Principal, so we + don't have to depend on any v4 libraries -2005-04-30 Love Hörnquist Ã…strand <lha@it.su.se> + * lib/hdb/print.c: reduce number of memory allocations - * lib/krb5/init_creds_pw.c: if we are using PKINIT, strip of the - highest bit to make windows PK-INIT happy. Also make the nonces - the same, again for windows, they are using pk-init-9. - - XXX check if it isn't the that nonce is an unsigned variable so - its just a asn1 mismatch. + * lib/hdb/mkey.c: add support for reading krb4 /.k files - * kdc/pkinit.c: pass a NULL prompter data to _krb5_pk_load_openssl_id - - * kuser/kinit.c: krb5_get_init_creds_opt_set_pkinit - - * lib/krb5/pkinit.c: Pass prompter data to the prompter function, - implement a UI prompter function wrapping the kerberos prompter - function so that the the OpenSSL ENGINE can ask for a password - when loading the private key. From: Douglas E. Engert +2001-01-19 Assar Westerlund <assar@sics.se> - * lib/krb5: add <err.h> in test programs - - * configure.in: sys/ptyvar.h might need <sys/tty.h> - - * lib/krb5/Makefile.am: use LIB_com_err for libkrb5.la + * lib/krb5/krb5.conf.5: document admin_server and kpasswd_server + for realms document capath better -2005-04-29 Love Hörnquist Ã…strand <lha@it.su.se> + * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look + at kpasswd_server before admin_server - * lib/asn1/Makefile.am: use $(LIB_com_err) - -2005-04-28 Love Hörnquist Ã…strand <lha@it.su.se> + * lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in + [libdefaults]capath for better hint of realm to send request to. + this allows the client to specify `realm routing information' in + case it cannot be done at the server (which is preferred) - * lib/krb5/context.c (krb5_set_config_files): ignore permission - denied on configuration files, user might not be allowed to read - /var/heimdal/kdc.conf + * lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as + zero when we were expecting a sequence number. MIT krb5 cannot + generate a sequence number of zero, instead generating no sequence + number + * lib/krb5/rd_safe.c (krb5_rd_safe): dito -2005-04-26 Dave Love <fx@gnu.org> +2001-01-11 Assar Westerlund <assar@sics.se> - * lib/krb5/krb5_locl.h: define _POSIX_PTHREAD_SEMANTICS so we get - posix getpwnam_r + * kpasswd/kpasswdd.c: add --port option -2005-04-25 Love Hörnquist Ã…strand <lha@it.su.se> +2001-01-10 Assar Westerlund <assar@sics.se> - * lib/asn1/gen_glue.c: switch the units variable to a - function. gcc-4.1 needs the size of the structure if its defined - as extern struct units foo_units[] an we don't want to include - <parse_units.h> in the generate headerfile + * lib/krb5/appdefault.c (krb5_appdefault_string): fix condition + just before returning -2005-04-25 Love Hörnquist Ã…strand <lha@it.su.se> +2001-01-09 Assar Westerlund <assar@sics.se> - * lib/hdb/hdb.schema: add EQUALITY rule for krb5ValidStart, - krb5ValidEnd, krb5PasswordEnd From Howard Chu + * appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred -2005-04-24 Love Hörnquist Ã…strand <lha@it.su.se> +2001-01-05 Johan Danielsson <joda@pdc.kth.se> - * doc/whatis.texi: comment out docbook stuff for now - - * kuser/klist.c: use strlcpy - - * doc/ack.texi: we no longer use eay libdes, make acknowledgment - still be there, but claim that we no longer use it. Mark editline - to be a modified version as required by the license. - - * lib/krb5/pkinit.c: use the unexported oid_to_enctype function - - * lib/krb5/crypto.c: unexport the oid_to_enctype function, not for - external consumers + * kuser/kinit.c: call a time `time', and not `seconds' - * kdc/Makefile.am: always add kaserver - - * lib/krb5/krb5_ccache.3: document krb5_cc_new_unique + * lib/krb5/init_creds.c: not much point in setting the anonymous + flag here - * lib/krb5/cache.c (krb5_cc_new_unique): new function to create a - new credential cache + * lib/krb5/krb5_appdefault.3: document appdefault_time - * kdc/headers.h: don't include kerberos 4 headers here +2001-01-04 Johan Danielsson <joda@pdc.kth.se> - * kdc/hpropd.c: include kerberos 4 headers here + * lib/krb5/verify_user.c: use + krb5_get_init_creds_opt_set_default_flags - * kdc/connect.c: add kaserver support independ of having krb4 - support - - * kdc/config.c: add kaserver support unconditionally, make kdc - only fail to start when there are no v4 realm configured and - krb4/kaserver is turned on + * kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags - * kdc/kaserver.c: Use the new Kerberos 4 functions in libkrb5 and - so kaserver support is always compiled in (still default disabled) - - * lib/krb5/v4_glue.c: simplify error handling + * lib/krb5/init_creds.c: new function + krb5_get_init_creds_opt_set_default_flags to set options from + krb5.conf - * doc/whatis.texi: add docbook version macro of @sub + * lib/krb5/rd_cred.c: make this match the MIT function - * doc/heimdal.texi: change the wrapping around the Top node to - ifnottex, make html generation work - - * lib/krb5/krb5_krbhst_init.3: spelling, from Björn Sandell - <biorn@dce.chalmers.se> - - * lib/krb5/krb5_get_krbhst.3: spelling, from Björn Sandell - <biorn@dce.chalmers.se> - - * lib/krb5/krb5_data.3: spelling, from Björn Sandell - <biorn@dce.chalmers.se> - - * lib/krb5/krb5_aname_to_localname.3: spelling, from Björn Sandell - <biorn@dce.chalmers.se> - - * lib/krb5/krb5_address.3: spelling, from Björn Sandell - <biorn@dce.chalmers.se> - -2005-04-23 Love Hörnquist Ã…strand <lha@it.su.se> + * lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL + def_val + (krb5_appdefault_time): new function - * kdc/config.c: Use the new Kerberos 4 functions in libkrb5 and so - kerberos 4 is always compiled in (still default disabled) +2001-01-03 Assar Westerlund <assar@sics.se> - * kdc/kerberos4.c: Use the new Kerberos 4 functions in libkrb5 and - so kerberos 4 is always compiled in (still default disabled) + * kdc/hpropd.c (main): handle EOF when reading from stdin - * lib/krb5/krb5_locl.h: forward declaration of _krb5_krb_auth_data - - * lib/krb5/convert_creds.c: Move the kerberos v4 replacement - functions to v4_glue.c - - * lib/krb5/v4_glue.c: Implement enough of kerberos 4 protocol to - be a KDC, move the v4 bits over here - - * lib/krb5/krb5-v4compat.h: add more v4 defines - -2005-04-22 Love Hörnquist Ã…strand <lha@it.su.se> - - * kpasswd/kpasswdd.c: Support multi-realms databases, requires - that all the realms are configured on the KDC in krb5.conf with - [libdefaults]default_realm stanzas. - -2005-04-21 Love Hörnquist Ã…strand <lha@it.su.se> - - * kdc/kerberos5.c: spell succeeded correctly, From Sean Chittenden - - * lib/krb5/addr_families.c: catch two more snprintf problems - -2005-04-20 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/hdb/Makefile.am: this lib include com_err, add -com_err to - CHECK_SYMBOLS - - * appl/test/http_client.c: cast ssize_t to unsigned long, fix - printf format - -2005-04-19 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/kuserok.c: use asprintf to avoid truncating pathnames - - * lib/krb5/get_host_realm.c: check return value of snprintf - - * lib/krb5/test_addr.c: check address truncation - - * lib/krb5/addr_families.c: check return values from snprintf and - clean up semantics of ret_len - - * lib/krb5/krb5_address.3: clarify what ret_len is in - krb5_print_address - - * lib/krb5/test_kuserok.c: add --version and --help - - * lib/krb5/kuserok.c: use getpwnamn_r if it exists - - * lib/krb5/Makefile.am: noinst_PROGRAMS += test_kuserok - - * lib/krb5/test_kuserok.c: test program for krb5_kuserok - -2005-04-18 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/acache.c (acc_resolve): if open_default_ccache failed - with ccErrCCacheNotFound try again with create_default_ccache, - this fixes the problem where the security server apperenly haven't - started yet on Mac OS X - - * lib/krb5/get_default_principal.c - (_krb5_get_default_principal_local): add, for use of functions - that in ccache layer to avoid recursive calls. - - * lib/hdb/hdb-ldap.c: drop <ctype.h>, no longer use any of the is* - macros in this file - - * include/make_crypto.c: cast to unsigned char to make sure its - not negative when passing it to is* functions - -2005-04-15 Love Hörnquist Ã…strand <lha@it.su.se> - - * doc/programming.texi: remove manpage macro, add some more - references to manpages - - * doc/heimdal.texi: define manpage macro - - * doc/setup.texi: document new password policy code - - * kpasswd/kpasswdd.c: add verifier libraries with - kadm5_add_passwd_quality_verifier - - * lib/krb5/krb5_keyblock.3: document krb5_keyblock_init - -2005-04-14 Love Hörnquist Ã…strand <lha@it.su.se> - - * kdc/kaserver.c: AUTHENTICATE and AUTHENTICATE_V2 is almost the - same, and clients - (klog) can deal with that the kaserver returns the same thing for - both - - * lib/krb5/keyblock.c: Add krb5_keyblock_init to allocate an fill - in a keyblock from key data. - -2005-04-12 Love Hörnquist Ã…strand <lha@it.su.se> - - * configure.in: rk_WIN32_EXPORT for roken - -2005-04-10 Love Hörnquist Ã…strand <lha@it.su.se> - - * appl/test/gssapi_server.c: print out client principla of - delegated credential - -2005-04-07 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/init_creds_pw.c (process_pa_data_to_key): also check - for KRB5_PADATA_PK_AS_REP_19, From: Douglas Engert - -2005-04-07 Love Hörnquist Ã…strand <lha@it.su.se> - - * .cvsignore: ignore more generate files - -2005-04-04 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/asn1/check-der.c: use size_t, print size_t by casting to - unsigned long - - * lib/krb5/test_crypto.c: print size_t by casting to unsigned long - - * lib/krb5/acache.c: Argument to create_new_ccache is a principal, - not a credential cache name. Clean up lossage related to this - problem. - - * lib/hdb/Makefile.am: CHECK_SYMBOLS += HDBFlags2int - - * lib/krb5/addr_families.c - (krb5_address_prefixlen_boundary,krb5_free_address): - use find_atype when we are dealing with a kerberos address type - - * lib/krb5/aes-test.c: size_t vs int + fix printf - - * lib/krb5/pkinit.c: Since the decode can't make out the diffrence - between PA-PK-AS-REP-19 and PA-PK-AS-REQ-Win2k, try harder to - verify both cases - -2005-04-03 Love Hörnquist Ã…strand <lha@it.su.se> - - * appl/test/uu_client.c: print size_t by casting to unsigned long - -2005-04-01 Johan Danielsson <joda@pdc.kth.se> - - * kdc/kerberos4.c (do_version4): check client and server max_life - - * kdc/kaserver.c (do_getticket): check client max_life - -2005-03-31 Love <lha@kth.se> - - * lib/krb5/verify_krb5_conf.c: const poison - - * lib/krb5/test_alname.c: const poison - - * lib/asn1/main.c: const poison - - * lib/krb5/test_addr.c: test parse IPv6 RANGE addresses - - * lib/krb5/addr_families.c: implement mask boundary for IPv6 - - * lib/asn1/gen.c: avoid const string warnings steming from - writeable-string - -2005-03-28 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/Makefile.am: TESTS += test_addr - - * lib/krb5/test_addr.c: simple test for addresses - - * lib/krb5/addr_families.c: make RANGE parse prefixlen style - addresses too, fix printing of RANGE addresses, add - krb5_address_prefixlen_boundary - - * lib/krb5/krb5_keytab.3: stop memory leak in example, expand on - wildcards - -2005-03-26 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/krb5_principal.3: spelling, from Tomas Olsson - - * lib/krb5/krb5_warn.3: spelling, from Tomas Olsson - -2005-03-19 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/acache.c: add mutex for global variables, clean up - returned error codes, implement storing addresses into the ccapi - - * appl/test/gssapi_server.c: free memory, make error strings match - - * appl/test/gssapi_server.c: use print_gss_name, print server name - too - - * appl/test/gss_common.h (print_gss_name): common code for - printing gss name - - * appl/test/gss_common.c (print_gss_name): common code for - printing gss name - - * appl/test/http_client.c: Make constent with rest of the gssapi - test programs - -2005-03-17 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/hdb/keys.c: AES is enabled by default, remove ifdefs - - * lib/krb5/crypto.c: AES is enabled by default, remove ifdefs - - * lib/krb5/aes-test.c: use hex encoder from roken AES is enabled - by default, remove ifdefs - - * kdc/kerberos5.c: AES is enabled by default, remove ifdefs - -2005-03-16 Love Hörnquist Ã…strand <lha@it.su.se> - - * doc/setup.texi: Add some text about modifying the database - -2005-03-15 Love Hörnquist Ã…strand <lha@it.su.se> - - * kuser/kinit.c: widen lifetime/renewal warning text field, also - make use of unparse_time_approx, no need to be specific to the - second when ticket needs to be renewed or their lifetime. - - * doc/heimdal.texi: copyright maintenance, drop eay, use updated - UCB license - - * lib/krb5/crypto.c: more static and unsigned issues - - * lib/krb5/crypto.c: fix signedness issues, prompted by report of - Magnus Ahltorp - -2005-03-13 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/krb5_keytab.3: more text about how to free returned - resources - -2005-03-10 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/pkinit.c: handle the -25 generation path - - * lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_19 - - * lib/krb5/pkinit.c: fold in pk-init-25 asn1 changes - -2005-03-09 Love Hörnquist Ã…strand <lha@it.su.se> - - * kdc/pkinit.c: use generated oid's - - * lib/krb5/pkinit.c: use generated oid's - -2005-03-08 Love Hörnquist Ã…strand <lha@it.su.se> - - * kdc/pkinit.c: update to the asn1 structures used in -25's - - * lib/krb5/pkinit.c: update to the asn1 structures used in -25's - -2005-03-04 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/hdb/hdb-ldap.c: use the newly written hex function from - roken and remove the old implementation - -2005-03-01 Love Hörnquist Ã…strand <lha@it.su.se> - - * appl/test/http_client.c: allow specifing port to connect to - -2005-02-24 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/Makefile.am: bump version to 21:0:4 - - * lib/hdb/Makefile.am: bump version to 8:0:1 - - * lib/asn1/Makefile.am: bump version to 7:0:1 - -2005-02-23 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/crypto.c (DES_string_to_key_int): must check for weak - keys after doing the DES_cbc_cksum - -2005-02-19 Luke Howard <lukeh@padl.com> - - * lib/krb5/krbhst.c: set KD_CONFIG after calling - config_get_hosts() in kpasswd_get_next() - From: Wynn Wilkes <wynnw@vintela.com> - -2005-02-15 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/hdb/db3.c (DB_open): correct the check for O_RDONLY - From: Chaskiel M Grundman <cg2v@andrew.cmu.edu> - -2005-02-09 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/crypto.c (krb5_random_to_key): cast size_t to int to - make %d work - -2005-02-08 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/keytab.c (krb5_kt_get_entry): tell what enctype the - caller requested to provide the user with a glue what the caller - was asking for. - -2005-02-05 Luke Howard <lukeh@padl.com> - - * lib/krb5/kcm.c: add _krb5_kcm_is_running, _krb5_kcm_noop - - * kcm/acquire.c: don't leak salt if keyproc called multiple - times - - * kcm/config.c: allow KCM system ccache to be configured from - krb5.conf, in the system_ccache stanza of [kcm] - -2005-02-03 Love Hörnquist Ã…strand <lha@it.su.se> - - * kcm/protocol.c: use -1 as the invalid pid number - - * kcm/connect.c: support SCM_CREDS (for NetBSD) - - * kcm/Makefile.am: LDADD += LIB_pidfile - - * kcm/connect.c: make it possible to build on systems without - SO_PEERCRED (still doesn't work) - - * kcm/config.c: cast argument to isdigit to unsigned char - - * lib/krb5/krb5.conf.5: document large_msg_size - - * lib/krb5/context.c (init_context_from_config_file): init - large_msg_size to 6000 - - * lib/krb5/krb5.h (krb5_context_data): add large_msg_size, - threshold where we start to use transport protocols without tiny - max data transport sizes. - - * lib/krb5/kcm.h: drop prototypes, they all live in krb5-private.h - by now - -2005-02-02 Luke Howard <lukeh@padl.com> - - * configure.in: generate kcm/Makefile - - * Makefile.am: recurse into kcm/ if KCM defined - - * kcm: add KCM daemon - -2005-02-02 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/send_to_kdc.c (send_and_recv_udp): make private again - - * lib/krb5/kcm.c: use AF_UNIX like the rest of the codebase, add - some more error strings - -2005-02-02 Luke Howard <lukeh@padl.com> - - * configure.in: add --enable-kcm option for Kerberos - Credentials Manager (KCM) - - * lib/krb5/Makefile.am: add kcm.c - - * lib/krb5/cache.c: use cc_retrieve_cred if present rather - than enumerating ccache - - * lib/krb5/context.c: register KCM cc_ops - - * lib/krb5/get_cred.c: pass all options to cc_retrieve_cred - - * lib/krb5/init_creds_pw.c: add krb5_get_init_creds_keyblock - - * lib/krb5/kcm.[ch]: add initial implementation of KCM - client library - - * lib/krb5/krb5.h: fix cc_retrieve prototype, add KCM cc_ops - - * lib/krb5/send_to_kdc.c: add _krb5_send_and_recv_tcp - - * lib/krb5/store.c: add krb5_store_creds_tag, krb5_ret_creds_tag - -2005-01-24 Luke Howard <lukeh@padl.com> - - * lib/krb5/init_creds_pw.c: allow NULL in_options to be passed - krb5_get_init_creds_password() - - * kdc/kerberos5.c: don't crash when logging no server etype - support if client == NULL - -2005-01-17 Love Hörnquist Ã…strand <lha@it.su.se> - - * kdc/kstash.c: s/random_key/random_key_flag/, From Dave Love - <d.love@dl.ac.uk> - -2005-01-12 Love Hörnquist Ã…strand <lha@it.su.se> - - * doc/apps.texi: Texinfo fixes. Text about irix 6.5 using - PAM. From: Dave Love <d.love@dl.ac.uk> - -2005-01-08 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/verify_krb5_conf.c: cast argument to isdigit to - unsigned char - - * lib/krb5/keytab_keyfile.c: cast argument to toupper to unsigned - char - - * lib/asn1/hash.c (hashcaseadd): cast argument to toupper to - unsigned char - - * appl/kf/kfd.c (kfd_match_version): cast argument to islower to - unsigned char - - * lib/krb5/krb5.3: drop krb5_{checksum,enctype}_is_disabled - - * lib/krb5/krb5_encrypt.3: drop krb5_enctype_is_disabled, more - text about krb5_enctype_valid - - * lib/krb5/krb5_create_checksum.3: drop - krb5_checksum_is_disabled - - * lib/krb5/crypto.c: drop krb5_{checksum,enctype}_isdisabled - - * lib/krb5/context.c: krb5_enctype_is_disabled is the same thing - as krb5_enctype_valid, so use the later since its older and the - api doesn't really need another entry point - - * lib/krb5/rd_req.c: krb5_enctype_is_disabled is the same thing as - krb5_enctype_valid, so use the later since its older and the api - doesn't really need another entry point - - * kdc/kerberos5.c: krb5_enctype_is_disabled is the same thing as - krb5_enctype_valid, so use the later since its older and the api - doesn't really need another entry point - -2005-01-05 Love Hörnquist Ã…strand <lha@it.su.se> - - * kpasswd/kpasswdd.8: document --addresses, controls what - addresses kpasswd should listen too - - * kpasswd/kpasswdd.c: add --addresses, controls what addresses - kpasswd should listen too - - * lib/krb5/addr_families.c (krb5_parse_address): filter out dup - addresses from getaddrinfo - - * kpasswd/kpasswd.1: document -c - - * kpasswd/kpasswd.c: allow specifying a credential cache to use - for the admin principal - - * include/bits.c: constify to avoid warning with -Wwrite-string - - * NEWS: add 0.6.2 and 0.6.3 items - - * lib/krb5/krb5_keyblock.3: document krb5_generate_subkey_extended - - * lib/krb5/krb5_is_thread_safe.3: document function - - * lib/krb5/Makefile.am (man_MANS) += krb5_is_thread_safe.3 - - * lib/krb5/context.c (krb5_is_thread_safe): return TRUE is the - library was compiled with multithreading support. If not, - application must global lock the library, it it uses threads that - call kerberos functions at the same time. - -2005-01-05 Luke Howard <lukeh@padl.com> - - * lib/krb5/auth_context.c: use krb5_generate_subkey_extended() - - * lib/krb5/appdefault.c: remove redundant KRB5_LIB_FUNCTION - - * lib/krb5/build_auth.c: support for enctype negotiation - (client sends EtypeList in Authenticator authz data) - - * lib/krb5/context.c: mutex should be destroyed last in - krb5_free_context() - - * lib/krb5/generate_subkey.c: add krb5_generate_subkey_extended(), - set *subkey to NULL if key geneartion fails - - * lib/krb5/krb5.h: add KRB5_KU_PA_SERVER_REFERRAL_DATA - - * lib/krb5/mk_req_ext.c: support ETYPE_ARCFOUR_HMAC_MD5_56 - - * lib/krb5/rd_req.c: support for enctype negotiation - (client sends EtypeList in Authenticator authz data) - -2005-01-04 Luke Howard <lukeh@padl.com> - - * lib/asn1/k5.asn1: add authorization data types for enctype - negotiation implementation - -2005-01-04 Love Hörnquist Ã…strand <lha@it.su.se> - - * lib/krb5/changepw.c (change_password_loop): on failing to find a - kdc, set result_code to KRB5_KPASSWD_HARDERROR - -2005-01-01 Love Hörnquist Ã…strand <lha@it.su.se> - - * doc/heimdal.texi: Happy New Year - diff --git a/kerberosV/src/Makefile.am b/kerberosV/src/Makefile.am index 51239213f7f..6984e3d330d 100644 --- a/kerberosV/src/Makefile.am +++ b/kerberosV/src/Makefile.am @@ -1,12 +1,8 @@ -# $KTH: Makefile.am,v 1.17 2005/02/03 08:18:22 lukeh Exp $ +# $KTH: Makefile.am,v 1.16 2000/11/15 22:54:15 assar Exp $ include $(top_srcdir)/Makefile.am.common -if KCM -kcm_dir = kcm -endif - -SUBDIRS = include lib kuser kdc admin kadmin kpasswd $(kcm_dir) appl doc tools +SUBDIRS = include lib kuser kdc admin kadmin kpasswd appl doc tools ## ACLOCAL = @ACLOCAL@ -I cf ACLOCAL_AMFLAGS = -I cf diff --git a/kerberosV/src/Makefile.am.common b/kerberosV/src/Makefile.am.common index eee211fe86b..8ab7774f8a7 100644 --- a/kerberosV/src/Makefile.am.common +++ b/kerberosV/src/Makefile.am.common @@ -1,4 +1,35 @@ -# $KTH: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ +# $KTH: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ include $(top_srcdir)/cf/Makefile.am.common +SUFFIXES += .x + +.x.c: + @cmp -s $< $@ 2> /dev/null || cp $< $@ + +CHECK_LOCAL = $(PROGRAMS) + +check-local:: + @foo='$(CHECK_LOCAL)'; \ + if test "$$foo"; then \ + failed=0; all=0; \ + for i in $$foo; do \ + all=`expr $$all + 1`; \ + if ./$$i --version > /dev/null 2>&1; then \ + echo "PASS: $$i"; \ + else \ + echo "FAIL: $$i"; \ + failed=`expr $$failed + 1`; \ + fi; \ + done; \ + if test "$$failed" -eq 0; then \ + banner="All $$all tests passed"; \ + else \ + banner="$$failed of $$all tests failed"; \ + fi; \ + dashes=`echo "$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes"; \ + test "$$failed" -eq 0; \ + fi diff --git a/kerberosV/src/Makefile.in b/kerberosV/src/Makefile.in index e14342316e2..9753dbfde56 100644 --- a/kerberosV/src/Makefile.in +++ b/kerberosV/src/Makefile.in @@ -1,8 +1,6 @@ -# Makefile.in generated by automake 1.8.3 from Makefile.am. -# @configure_input@ +# Makefile.in generated automatically by automake 1.4a from Makefile.am -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004 Free Software Foundation, Inc. +# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -12,411 +10,247 @@ # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. -@SET_MAKE@ - -# $KTH: Makefile.am,v 1.17 2005/02/03 08:18:22 lukeh Exp $ - -# $KTH: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ +SHELL = @SHELL@ -# $KTH: Makefile.am.common,v 1.44 2005/05/29 14:43:42 lha Exp $ srcdir = @srcdir@ top_srcdir = @top_srcdir@ VPATH = @srcdir@ +prefix = @prefix@ +exec_prefix = @exec_prefix@ + +bindir = @bindir@ +sbindir = @sbindir@ +libexecdir = @libexecdir@ +datadir = @datadir@ +sysconfdir = @sysconfdir@ +sharedstatedir = @sharedstatedir@ +localstatedir = @localstatedir@ +libdir = @libdir@ +infodir = @infodir@ +mandir = @mandir@ +includedir = @includedir@ +oldincludedir = /usr/include + pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ + top_builddir = . -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd + +ACLOCAL = @ACLOCAL@ +AUTOCONF = @AUTOCONF@ +AUTOMAKE = @AUTOMAKE@ +AUTOHEADER = @AUTOHEADER@ + INSTALL = @INSTALL@ -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_FLAG = +transform = @program_transform_name@ + NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : + +@SET_MAKE@ +host_alias = @host_alias@ host_triplet = @host@ -DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ - $(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \ - $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure \ - ChangeLog NEWS TODO compile config.guess config.sub install-sh \ - ltconfig ltmain.sh missing ylwrap -subdir = . -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 \ - $(top_srcdir)/cf/broken-getaddrinfo.m4 \ - $(top_srcdir)/cf/broken-getnameinfo.m4 \ - $(top_srcdir)/cf/broken-glob.m4 \ - $(top_srcdir)/cf/broken-realloc.m4 \ - $(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \ - $(top_srcdir)/cf/broken2.m4 $(top_srcdir)/cf/c-attribute.m4 \ - $(top_srcdir)/cf/capabilities.m4 \ - $(top_srcdir)/cf/check-compile-et.m4 \ - $(top_srcdir)/cf/check-getpwnam_r-posix.m4 \ - $(top_srcdir)/cf/check-man.m4 \ - $(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \ - $(top_srcdir)/cf/check-type-extra.m4 \ - $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ - $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ - $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ - $(top_srcdir)/cf/find-func-no-libs.m4 \ - $(top_srcdir)/cf/find-func-no-libs2.m4 \ - $(top_srcdir)/cf/find-func.m4 \ - $(top_srcdir)/cf/find-if-not-broken.m4 \ - $(top_srcdir)/cf/have-struct-field.m4 \ - $(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \ - $(top_srcdir)/cf/krb-bigendian.m4 \ - $(top_srcdir)/cf/krb-func-getlogin.m4 \ - $(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \ - $(top_srcdir)/cf/krb-readline.m4 \ - $(top_srcdir)/cf/krb-struct-spwd.m4 \ - $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ - $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ - $(top_srcdir)/cf/retsigtype.m4 $(top_srcdir)/cf/roken-frag.m4 \ - $(top_srcdir)/cf/sunos.m4 $(top_srcdir)/cf/telnet.m4 \ - $(top_srcdir)/cf/test-package.m4 $(top_srcdir)/cf/wflags.m4 \ - $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ - configure.lineno configure.status.lineno -mkinstalldirs = $(mkdir_p) -CONFIG_HEADER = $(top_builddir)/include/config.h -CONFIG_CLEAN_FILES = -depcomp = -am__depfiles_maybe = -SOURCES = -DIST_SOURCES = -RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ - html-recursive info-recursive install-data-recursive \ - install-exec-recursive install-info-recursive \ - install-recursive installcheck-recursive installdirs-recursive \ - pdf-recursive ps-recursive uninstall-info-recursive \ - uninstall-recursive -ETAGS = etags -CTAGS = ctags -DIST_SUBDIRS = include lib kuser kdc admin kadmin kpasswd kcm appl doc \ - tools -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -distdir = $(PACKAGE)-$(VERSION) -top_distdir = $(distdir) -am__remove_distdir = \ - { test ! -d $(distdir) \ - || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \ - && rm -fr $(distdir); }; } -DIST_ARCHIVES = $(distdir).tar.gz -GZIP_ENV = --best -distuninstallcheck_listfiles = find . -type f -print -distcleancheck_listfiles = find . -type f -print -ACLOCAL = @ACLOCAL@ -AIX4_FALSE = @AIX4_FALSE@ -AIX4_TRUE = @AIX4_TRUE@ -AIX_DYNAMIC_AFS_FALSE = @AIX_DYNAMIC_AFS_FALSE@ -AIX_DYNAMIC_AFS_TRUE = @AIX_DYNAMIC_AFS_TRUE@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ -AIX_FALSE = @AIX_FALSE@ -AIX_TRUE = @AIX_TRUE@ +AMDEP = @AMDEP@ AMTAR = @AMTAR@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ +AS = @AS@ AWK = @AWK@ CANONICAL_HOST = @CANONICAL_HOST@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ -CATMAN_FALSE = @CATMAN_FALSE@ -CATMAN_TRUE = @CATMAN_TRUE@ CC = @CC@ -CFLAGS = @CFLAGS@ -COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ -CYGPATH_W = @CYGPATH_W@ DBLIB = @DBLIB@ -DCE_FALSE = @DCE_FALSE@ -DCE_TRUE = @DCE_TRUE@ -DEFS = @DEFS@ -DIR_com_err = @DIR_com_err@ +DEPDIR = @DEPDIR@ DIR_des = @DIR_des@ DIR_roken = @DIR_roken@ -ECHO = @ECHO@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ +DLLTOOL = @DLLTOOL@ EXEEXT = @EXEEXT@ EXTRA_LIB45 = @EXTRA_LIB45@ -F77 = @F77@ -FFLAGS = @FFLAGS@ GROFF = @GROFF@ -HAVE_DB1_FALSE = @HAVE_DB1_FALSE@ -HAVE_DB1_TRUE = @HAVE_DB1_TRUE@ -HAVE_DB3_FALSE = @HAVE_DB3_FALSE@ -HAVE_DB3_TRUE = @HAVE_DB3_TRUE@ -HAVE_DLOPEN_FALSE = @HAVE_DLOPEN_FALSE@ -HAVE_DLOPEN_TRUE = @HAVE_DLOPEN_TRUE@ -HAVE_NDBM_FALSE = @HAVE_NDBM_FALSE@ -HAVE_NDBM_TRUE = @HAVE_NDBM_TRUE@ -HAVE_OPENSSL_FALSE = @HAVE_OPENSSL_FALSE@ -HAVE_OPENSSL_TRUE = @HAVE_OPENSSL_TRUE@ -HAVE_X_FALSE = @HAVE_X_FALSE@ -HAVE_X_TRUE = @HAVE_X_TRUE@ INCLUDES_roken = @INCLUDES_roken@ -INCLUDE_des = @INCLUDE_des@ -INCLUDE_hesiod = @INCLUDE_hesiod@ -INCLUDE_krb4 = @INCLUDE_krb4@ -INCLUDE_openldap = @INCLUDE_openldap@ -INCLUDE_readline = @INCLUDE_readline@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IRIX_FALSE = @IRIX_FALSE@ -IRIX_TRUE = @IRIX_TRUE@ -KCM_FALSE = @KCM_FALSE@ -KCM_TRUE = @KCM_TRUE@ -KRB4_FALSE = @KRB4_FALSE@ -KRB4_TRUE = @KRB4_TRUE@ -KRB5_FALSE = @KRB5_FALSE@ -KRB5_TRUE = @KRB5_TRUE@ -LDFLAGS = @LDFLAGS@ +INCLUDE_ = @INCLUDE_@ LEX = @LEX@ -LEXLIB = @LEXLIB@ -LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ +LIB_ = @LIB_@ LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ -LIB_NDBM = @LIB_NDBM@ -LIB_XauFileName = @LIB_XauFileName@ -LIB_XauReadAuth = @LIB_XauReadAuth@ -LIB_XauWriteAuth = @LIB_XauWriteAuth@ -LIB_bswap16 = @LIB_bswap16@ -LIB_bswap32 = @LIB_bswap32@ -LIB_com_err = @LIB_com_err@ -LIB_com_err_a = @LIB_com_err_a@ -LIB_com_err_so = @LIB_com_err_so@ -LIB_crypt = @LIB_crypt@ -LIB_db_create = @LIB_db_create@ -LIB_dbm_firstkey = @LIB_dbm_firstkey@ -LIB_dbopen = @LIB_dbopen@ LIB_des = @LIB_des@ -LIB_des_a = @LIB_des_a@ LIB_des_appl = @LIB_des_appl@ -LIB_des_so = @LIB_des_so@ -LIB_dlopen = @LIB_dlopen@ -LIB_dn_expand = @LIB_dn_expand@ -LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ -LIB_freeaddrinfo = @LIB_freeaddrinfo@ -LIB_gai_strerror = @LIB_gai_strerror@ -LIB_getaddrinfo = @LIB_getaddrinfo@ -LIB_gethostbyname = @LIB_gethostbyname@ -LIB_gethostbyname2 = @LIB_gethostbyname2@ -LIB_getnameinfo = @LIB_getnameinfo@ -LIB_getpwnam_r = @LIB_getpwnam_r@ -LIB_getsockopt = @LIB_getsockopt@ -LIB_hesiod = @LIB_hesiod@ -LIB_hstrerror = @LIB_hstrerror@ LIB_kdb = @LIB_kdb@ -LIB_krb4 = @LIB_krb4@ -LIB_krb_disable_debug = @LIB_krb_disable_debug@ -LIB_krb_enable_debug = @LIB_krb_enable_debug@ -LIB_krb_get_kdc_time_diff = @LIB_krb_get_kdc_time_diff@ -LIB_krb_get_our_ip_for_realm = @LIB_krb_get_our_ip_for_realm@ -LIB_krb_kdctimeofday = @LIB_krb_kdctimeofday@ -LIB_loadquery = @LIB_loadquery@ -LIB_logout = @LIB_logout@ -LIB_logwtmp = @LIB_logwtmp@ -LIB_openldap = @LIB_openldap@ -LIB_openpty = @LIB_openpty@ LIB_otp = @LIB_otp@ -LIB_pidfile = @LIB_pidfile@ -LIB_readline = @LIB_readline@ -LIB_res_nsearch = @LIB_res_nsearch@ -LIB_res_search = @LIB_res_search@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ -LIB_setsockopt = @LIB_setsockopt@ -LIB_socket = @LIB_socket@ -LIB_syslog = @LIB_syslog@ -LIB_tgetent = @LIB_tgetent@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ -MAINT = @MAINT@ -MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@ -MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@ MAKEINFO = @MAKEINFO@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ -OPENLDAP_MODULE_FALSE = @OPENLDAP_MODULE_FALSE@ -OPENLDAP_MODULE_TRUE = @OPENLDAP_MODULE_TRUE@ -OTP_FALSE = @OTP_FALSE@ -OTP_TRUE = @OTP_TRUE@ PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ RANLIB = @RANLIB@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ -X_CFLAGS = @X_CFLAGS@ -X_EXTRA_LIBS = @X_EXTRA_LIBS@ -X_LIBS = @X_LIBS@ -X_PRE_LIBS = @X_PRE_LIBS@ YACC = @YACC@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ -ac_ct_RANLIB = @ac_ct_RANLIB@ -ac_ct_STRIP = @ac_ct_STRIP@ -am__leading_dot = @am__leading_dot@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -datadir = @datadir@ -do_roken_rename_FALSE = @do_roken_rename_FALSE@ -do_roken_rename_TRUE = @do_roken_rename_TRUE@ -dpagaix_cflags = @dpagaix_cflags@ -dpagaix_ldadd = @dpagaix_ldadd@ -dpagaix_ldflags = @dpagaix_ldflags@ -el_compat_FALSE = @el_compat_FALSE@ -el_compat_TRUE = @el_compat_TRUE@ -exec_prefix = @exec_prefix@ -have_cgetent_FALSE = @have_cgetent_FALSE@ -have_cgetent_TRUE = @have_cgetent_TRUE@ -have_err_h_FALSE = @have_err_h_FALSE@ -have_err_h_TRUE = @have_err_h_TRUE@ -have_fnmatch_h_FALSE = @have_fnmatch_h_FALSE@ -have_fnmatch_h_TRUE = @have_fnmatch_h_TRUE@ -have_glob_h_FALSE = @have_glob_h_FALSE@ -have_glob_h_TRUE = @have_glob_h_TRUE@ -have_ifaddrs_h_FALSE = @have_ifaddrs_h_FALSE@ -have_ifaddrs_h_TRUE = @have_ifaddrs_h_TRUE@ -have_vis_h_FALSE = @have_vis_h_FALSE@ -have_vis_h_TRUE = @have_vis_h_TRUE@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -includedir = @includedir@ -infodir = @infodir@ +dpagaix_CFLAGS = @dpagaix_CFLAGS@ +dpagaix_LDADD = @dpagaix_LDADD@ install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) -@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME -AM_CFLAGS = $(WFLAGS) + +# $KTH: Makefile.am,v 1.16 2000/11/15 22:54:15 assar Exp $ + + +# $KTH: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ + + +# $KTH: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ + + +AUTOMAKE_OPTIONS = foreign no-dependencies + +SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x + +INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) + +AM_CFLAGS = $(WFLAGS) + CP = cp + +COMPILE_ET = $(top_builddir)/lib/com_err/compile_et + buildinclude = $(top_builddir)/include + +LIB_XauReadAuth = @LIB_XauReadAuth@ +LIB_crypt = @LIB_crypt@ +LIB_dbm_firstkey = @LIB_dbm_firstkey@ +LIB_dbopen = @LIB_dbopen@ +LIB_dlopen = @LIB_dlopen@ +LIB_dn_expand = @LIB_dn_expand@ +LIB_el_init = @LIB_el_init@ LIB_getattr = @LIB_getattr@ +LIB_gethostbyname = @LIB_gethostbyname@ LIB_getpwent_r = @LIB_getpwent_r@ +LIB_getpwnam_r = @LIB_getpwnam_r@ +LIB_getsockopt = @LIB_getsockopt@ +LIB_logout = @LIB_logout@ +LIB_logwtmp = @LIB_logwtmp@ LIB_odm_initialize = @LIB_odm_initialize@ +LIB_pidfile = @LIB_pidfile@ +LIB_readline = @LIB_readline@ +LIB_res_search = @LIB_res_search@ LIB_setpcred = @LIB_setpcred@ +LIB_setsockopt = @LIB_setsockopt@ +LIB_socket = @LIB_socket@ +LIB_syslog = @LIB_syslog@ +LIB_tgetent = @LIB_tgetent@ + +LIBS = @LIBS@ + HESIODLIB = @HESIODLIB@ HESIODINCLUDE = @HESIODINCLUDE@ +INCLUDE_hesiod = @INCLUDE_hesiod@ +LIB_hesiod = @LIB_hesiod@ + +INCLUDE_krb4 = @INCLUDE_krb4@ +LIB_krb4 = @LIB_krb4@ + +INCLUDE_openldap = @INCLUDE_openldap@ +LIB_openldap = @LIB_openldap@ + +INCLUDE_readline = @INCLUDE_readline@ + +LEXLIB = @LEXLIB@ + NROFF_MAN = groff -mandoc -Tascii -LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) -@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ + +@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) + +@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la +@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la + +CHECK_LOCAL = $(PROGRAMS) + +SUBDIRS = include lib kuser kdc admin kadmin kpasswd appl doc tools -@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la -@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -@KCM_TRUE@kcm_dir = kcm -SUBDIRS = include lib kuser kdc admin kadmin kpasswd $(kcm_dir) appl doc tools ACLOCAL_AMFLAGS = -I cf + EXTRA_DIST = Makefile.am.common krb5.conf -all: all-recursive +subdir = . +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = ./include/config.h +CONFIG_CLEAN_FILES = +CFLAGS = @CFLAGS@ +COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +DIST_SOURCES = +depcomp = +DIST_COMMON = README ChangeLog Makefile.am Makefile.in NEWS TODO \ +acconfig.h acinclude.m4 aclocal.m4 config.guess config.sub configure \ +configure.in install-sh ltconfig ltmain.sh missing mkinstalldirs -.SUFFIXES: -.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c -am--refresh: - @: -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - echo ' cd $(srcdir) && $(AUTOMAKE) --foreign --ignore-deps'; \ - cd $(srcdir) && $(AUTOMAKE) --foreign --ignore-deps \ - && exit 0; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - echo ' $(SHELL) ./config.status'; \ - $(SHELL) ./config.status;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - $(SHELL) ./config.status --recheck -$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) - cd $(srcdir) && $(AUTOCONF) -$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) - cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) - -mostlyclean-libtool: - -rm -f *.lo +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -clean-libtool: - -rm -rf .libs _libs +GZIP_ENV = --best +all: all-redirect +.SUFFIXES: +.SUFFIXES: .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .et .h .x +$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common + cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile + +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + cd $(top_builddir) \ + && CONFIG_FILES=$@ CONFIG_HEADERS= $(SHELL) ./config.status + +$(ACLOCAL_M4): configure.in acinclude.m4 cf/aix.m4 cf/auth-modules.m4 \ + cf/broken-getnameinfo.m4 cf/broken-glob.m4 \ + cf/broken-realloc.m4 cf/broken-snprintf.m4 cf/broken.m4 \ + cf/broken2.m4 cf/c-attribute.m4 cf/c-function.m4 \ + cf/capabilities.m4 cf/check-declaration.m4 \ + cf/check-getpwnam_r-posix.m4 cf/check-man.m4 \ + cf/check-netinet-ip-and-tcp.m4 cf/check-type-extra.m4 \ + cf/check-var.m4 cf/check-x.m4 cf/check-xau.m4 cf/db.m4 \ + cf/find-func-no-libs.m4 cf/find-func-no-libs2.m4 \ + cf/find-func.m4 cf/find-if-not-broken.m4 \ + cf/grok-type.m4 cf/have-pragma-weak.m4 \ + cf/have-struct-field.m4 cf/have-type.m4 \ + cf/have-types.m4 cf/krb-bigendian.m4 cf/krb-find-db.m4 \ + cf/krb-func-getcwd-broken.m4 cf/krb-func-getlogin.m4 \ + cf/krb-ipv6.m4 cf/krb-irix.m4 cf/krb-prog-ln-s.m4 \ + cf/krb-prog-ranlib.m4 cf/krb-prog-yacc.m4 \ + cf/krb-readline.m4 cf/krb-struct-spwd.m4 \ + cf/krb-struct-winsize.m4 cf/krb-sys-aix.m4 \ + cf/krb-sys-nextstep.m4 cf/krb-version.m4 cf/mips-abi.m4 \ + cf/misc.m4 cf/need-proto.m4 cf/osfc2.m4 \ + cf/proto-compat.m4 cf/retsigtype.m4 cf/roken-frag.m4 \ + cf/roken.m4 cf/shared-libs.m4 cf/test-package.m4 \ + cf/wflags.m4 + cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) -distclean-libtool: - -rm -f libtool -uninstall-info-am: +config.status: $(srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + $(SHELL) ./config.status --recheck +$(srcdir)/configure: $(srcdir)/configure.in $(ACLOCAL_M4) $(CONFIGURE_DEPENDENCIES) + cd $(srcdir) && $(AUTOCONF) # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. @@ -424,8 +258,11 @@ uninstall-info-am: # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. -$(RECURSIVE_TARGETS): - @set fnord $$MAKEFLAGS; amf=$$2; \ + +all-recursive install-data-recursive install-exec-recursive \ +installdirs-recursive install-recursive uninstall-recursive \ +check-recursive installcheck-recursive info-recursive dvi-recursive: + @set fnord $(MAKEFLAGS); amf=$$2; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ @@ -445,18 +282,13 @@ $(RECURSIVE_TARGETS): mostlyclean-recursive clean-recursive distclean-recursive \ maintainer-clean-recursive: - @set fnord $$MAKEFLAGS; amf=$$2; \ + @set fnord $(MAKEFLAGS); amf=$$2; \ dot_seen=no; \ - case "$@" in \ - distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ - *) list='$(SUBDIRS)' ;; \ - esac; \ - rev=''; for subdir in $$list; do \ - if test "$$subdir" = "."; then :; else \ - rev="$$subdir $$rev"; \ - fi; \ + rev=''; list='$(SUBDIRS)'; for subdir in $$list; do \ + rev="$$subdir $$rev"; \ + if test "$$subdir" = "."; then dot_seen=yes; else :; fi; \ done; \ - rev="$$rev ."; \ + test "$$dot_seen" = "no" && rev=". $$rev"; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ @@ -472,311 +304,194 @@ tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done -ctags-recursive: - list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ - done + +tags: TAGS ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) ' { files[$$0] = 1; } \ END { for (i in files) print i; }'`; \ - mkid -fID $$unique -tags: TAGS + mkid -fID $$unique $(LISP) TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ here=`pwd`; \ - if (etags --etags-include --version) >/dev/null 2>&1; then \ - include_option=--etags-include; \ - else \ - include_option=--include; \ - fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test -f $$subdir/TAGS && \ - tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ - fi; \ + if test "$$subdir" = .; then :; else \ + test -f $$subdir/TAGS && tags="$$tags -i $$here/$$subdir/TAGS"; \ + fi; \ done; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) ' { files[$$0] = 1; } \ END { for (i in files) print i; }'`; \ - test -z "$(ETAGS_ARGS)$$tags$$unique" \ - || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique -ctags: CTAGS -CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ + || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here +mostlyclean-tags: -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags +clean-tags: -distdir: $(DISTFILES) - $(am__remove_distdir) - mkdir $(distdir) - $(mkdir_p) $(distdir)/cf - @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \ - list='$(DISTFILES)'; for file in $$list; do \ - case $$file in \ - $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ - $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \ - esac; \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test "$$dir" != "$$file" && test "$$dir" != "."; then \ - dir="/$$dir"; \ - $(mkdir_p) "$(distdir)$$dir"; \ - else \ - dir=''; \ - fi; \ - if test -d $$d/$$file; then \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ - fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ - else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ - || exit 1; \ - fi; \ - done - list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test -d "$(distdir)/$$subdir" \ - || mkdir "$(distdir)/$$subdir" \ - || exit 1; \ - (cd $$subdir && \ - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="../$(top_distdir)" \ - distdir="../$(distdir)/$$subdir" \ - distdir) \ - || exit 1; \ - fi; \ - done - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$(top_distdir)" distdir="$(distdir)" \ - dist-hook - -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \ - ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ - ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ - ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \ - || chmod -R a+r $(distdir) -dist-gzip: distdir - $(AMTAR) chof - $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz - $(am__remove_distdir) - -dist-bzip2: distdir - $(AMTAR) chof - $(distdir) | bzip2 -9 -c >$(distdir).tar.bz2 - $(am__remove_distdir) - -dist-tarZ: distdir - $(AMTAR) chof - $(distdir) | compress -c >$(distdir).tar.Z - $(am__remove_distdir) +distclean-tags: + -rm -f TAGS ID -dist-shar: distdir - shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz - $(am__remove_distdir) +maintainer-clean-tags: -dist-zip: distdir - -rm -f $(distdir).zip - zip -rq $(distdir).zip $(distdir) - $(am__remove_distdir) +distdir = $(PACKAGE)-$(VERSION) +top_distdir = $(distdir) -dist dist-all: distdir - $(AMTAR) chof - $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz - $(am__remove_distdir) # This target untars the dist file and tries a VPATH configuration. Then # it guarantees that the distribution is self-contained by making another # tarfile. distcheck: dist - case '$(DIST_ARCHIVES)' in \ - *.tar.gz*) \ - GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(AMTAR) xf - ;;\ - *.tar.bz2*) \ - bunzip2 -c $(distdir).tar.bz2 | $(AMTAR) xf - ;;\ - *.tar.Z*) \ - uncompress -c $(distdir).tar.Z | $(AMTAR) xf - ;;\ - *.shar.gz*) \ - GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | unshar ;;\ - *.zip*) \ - unzip $(distdir).zip ;;\ - esac + -chmod -R a+w $(distdir) > /dev/null 2>&1; rm -rf $(distdir) + GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(AMTAR) xf - chmod -R a-w $(distdir); chmod a+w $(distdir) - mkdir $(distdir)/_build - mkdir $(distdir)/_inst + mkdir $(distdir)/=build + mkdir $(distdir)/=inst chmod a-w $(distdir) - dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ - && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ - && cd $(distdir)/_build \ - && ../configure --srcdir=.. --prefix="$$dc_install_base" \ - $(DISTCHECK_CONFIGURE_FLAGS) \ + dc_install_base=`CDPATH=: && cd $(distdir)/=inst && pwd` \ + && cd $(distdir)/=build \ + && ../configure --srcdir=.. --prefix=$$dc_install_base \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) check \ && $(MAKE) $(AM_MAKEFLAGS) install \ && $(MAKE) $(AM_MAKEFLAGS) installcheck \ && $(MAKE) $(AM_MAKEFLAGS) uninstall \ - && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ - distuninstallcheck \ - && chmod -R a-w "$$dc_install_base" \ - && ({ \ - (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ - && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ - && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ - && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ - distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ - } || { rm -rf "$$dc_destdir"; exit 1; }) \ - && rm -rf "$$dc_destdir" \ + && test `find $$dc_install_base -type f -print | wc -l` -le 1 \ && $(MAKE) $(AM_MAKEFLAGS) dist \ - && rm -rf $(DIST_ARCHIVES) \ - && $(MAKE) $(AM_MAKEFLAGS) distcleancheck - $(am__remove_distdir) - @(echo "$(distdir) archives ready for distribution: "; \ - list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ - sed -e '1{h;s/./=/g;p;x;}' -e '$${p;x;}' -distuninstallcheck: - @cd $(distuninstallcheck_dir) \ - && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \ - || { echo "ERROR: files left after uninstall:" ; \ - if test -n "$(DESTDIR)"; then \ - echo " (check DESTDIR support)"; \ - fi ; \ - $(distuninstallcheck_listfiles) ; \ - exit 1; } >&2 -distcleancheck: distclean - @if test '$(srcdir)' = . ; then \ - echo "ERROR: distcleancheck can only run from a VPATH build" ; \ - exit 1 ; \ - fi - @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ - || { echo "ERROR: files left in build directory after distclean:" ; \ - $(distcleancheck_listfiles) ; \ - exit 1; } >&2 + && $(MAKE) $(AM_MAKEFLAGS) distclean \ + && rm -f $(distdir).tar.gz \ + && test `find . -type f -print | wc -l` -eq 0 + -chmod -R a+w $(distdir) > /dev/null 2>&1; rm -rf $(distdir) + @banner="$(distdir).tar.gz is ready for distribution"; \ + dashes=`echo "$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes" +dist: distdir + -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \ + ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \ + || chmod -R a+r $(distdir) + $(AMTAR) chof - $(distdir) | GZIP=$(GZIP_ENV) gzip -c > $(distdir).tar.gz + -chmod -R a+w $(distdir) > /dev/null 2>&1; rm -rf $(distdir) +dist-all: distdir + -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \ + ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \ + || chmod -R a+r $(distdir) + $(AMTAR) chof - $(distdir) | GZIP=$(GZIP_ENV) gzip -c > $(distdir).tar.gz + -chmod -R a+w $(distdir) > /dev/null 2>&1; rm -rf $(distdir) +distdir: $(DISTFILES) + -chmod -R a+w $(distdir) > /dev/null 2>&1; rm -rf $(distdir) + mkdir $(distdir) + @for file in $(DISTFILES); do \ + d=$(srcdir); \ + if test -d $$d/$$file; then \ + cp -pR $$d/$$file $(distdir) \ + || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done + for subdir in $(SUBDIRS); do \ + if test "$$subdir" = .; then :; else \ + test -d $(distdir)/$$subdir \ + || mkdir $(distdir)/$$subdir \ + || exit 1; \ + (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir=../$(distdir) distdir=../$(distdir)/$$subdir distdir) \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook +info-am: +info: info-recursive +dvi-am: +dvi: dvi-recursive check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-local check: check-recursive -all-am: Makefile all-local -installdirs: installdirs-recursive -installdirs-am: -install: install-recursive +installcheck-am: +installcheck: installcheck-recursive +install-exec-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook install-exec: install-exec-recursive + +install-data-am: install-data-local install-data: install-data-recursive -uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-recursive +install: install-recursive +uninstall-am: +uninstall: uninstall-recursive +all-am: Makefile all-local +all-redirect: all-recursive install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install + $(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install +installdirs: installdirs-recursive +installdirs-am: + + mostlyclean-generic: clean-generic: distclean-generic: - -rm -f $(CONFIG_CLEAN_FILES) + -rm -f Makefile $(CONFIG_CLEAN_FILES) + -rm -f config.cache config.log stamp-h stamp-h[0-9]* maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-recursive - -clean-am: clean-generic clean-libtool mostlyclean-am - -distclean: distclean-recursive - -rm -f $(am__CONFIG_DISTCLEAN_FILES) - -rm -f Makefile -distclean-am: clean-am distclean-generic distclean-libtool \ - distclean-tags - -dvi: dvi-recursive - -dvi-am: - -html: html-recursive - -info: info-recursive - -info-am: - -install-data-am: - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-data-hook - -install-exec-am: - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - -install-info: install-info-recursive - -install-man: - -installcheck-am: - -maintainer-clean: maintainer-clean-recursive - -rm -f $(am__CONFIG_DISTCLEAN_FILES) - -rm -rf $(top_srcdir)/autom4te.cache - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic + -rm -f Makefile.in +mostlyclean-am: mostlyclean-tags mostlyclean-generic mostlyclean: mostlyclean-recursive -mostlyclean-am: mostlyclean-generic mostlyclean-libtool +clean-am: clean-tags clean-generic mostlyclean-am -pdf: pdf-recursive - -pdf-am: - -ps: ps-recursive +clean: clean-recursive -ps-am: +distclean-am: distclean-tags distclean-generic clean-am + -rm -f libtool -uninstall-am: uninstall-info-am +distclean: distclean-recursive + -rm -f config.status -uninstall-info: uninstall-info-recursive +maintainer-clean-am: maintainer-clean-tags maintainer-clean-generic \ + distclean-am + @echo "This command is intended for maintainers to use;" + @echo "it deletes files that may require special tools to rebuild." -.PHONY: $(RECURSIVE_TARGETS) CTAGS GTAGS all all-am all-local \ - am--refresh check check-am check-local clean clean-generic \ - clean-libtool clean-recursive ctags ctags-recursive dist \ - dist-all dist-bzip2 dist-gzip dist-shar dist-tarZ dist-zip \ - distcheck distclean distclean-generic distclean-libtool \ - distclean-recursive distclean-tags distcleancheck distdir \ - distuninstallcheck dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-exec \ - install-exec-am install-info install-info-am install-man \ - install-strip installcheck installcheck-am installdirs \ - installdirs-am maintainer-clean maintainer-clean-generic \ - maintainer-clean-recursive mostlyclean mostlyclean-generic \ - mostlyclean-libtool mostlyclean-recursive pdf pdf-am ps ps-am \ - tags tags-recursive uninstall uninstall-am uninstall-info-am +maintainer-clean: maintainer-clean-recursive + -rm -f config.status + +.PHONY: install-recursive uninstall-recursive install-data-recursive \ +uninstall-data-recursive install-exec-recursive \ +uninstall-exec-recursive installdirs-recursive uninstalldirs-recursive \ +all-recursive check-recursive installcheck-recursive info-recursive \ +dvi-recursive mostlyclean-recursive distclean-recursive clean-recursive \ +maintainer-clean-recursive tags tags-recursive mostlyclean-tags \ +distclean-tags clean-tags maintainer-clean-tags distdir info-am info \ +dvi-am dvi check-local check check-am installcheck-am installcheck \ +install-exec-am install-exec install-data-local install-data-am \ +install-data install-am install uninstall-am uninstall all-local \ +all-redirect all-am all install-strip installdirs-am installdirs \ +mostlyclean-generic distclean-generic clean-generic \ +maintainer-clean-generic clean mostlyclean distclean maintainer-clean install-suid-programs: @@ -792,7 +507,7 @@ install-suid-programs: install-exec-hook: install-suid-programs install-build-headers:: $(include_HEADERS) $(build_HEADERZ) - @foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \ + @foo='$(include_HEADERS) $(build_HEADERZ)'; \ for f in $$foo; do \ f=`basename $$f`; \ if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ @@ -805,44 +520,6 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ) done all-local: install-build-headers - -check-local:: - @if test '$(CHECK_LOCAL)' = "no-check-local"; then \ - foo=''; elif test '$(CHECK_LOCAL)'; then \ - foo='$(CHECK_LOCAL)'; else \ - foo='$(PROGRAMS)'; fi; \ - if test "$$foo"; then \ - failed=0; all=0; \ - for i in $$foo; do \ - all=`expr $$all + 1`; \ - if ./$$i --version > /dev/null 2>&1; then \ - echo "PASS: $$i"; \ - else \ - echo "FAIL: $$i"; \ - failed=`expr $$failed + 1`; \ - fi; \ - done; \ - if test "$$failed" -eq 0; then \ - banner="All $$all tests passed"; \ - else \ - banner="$$failed of $$all tests failed"; \ - fi; \ - dashes=`echo "$$banner" | sed s/./=/g`; \ - echo "$$dashes"; \ - echo "$$banner"; \ - echo "$$dashes"; \ - test "$$failed" -eq 0; \ - fi ; \ - if test '$(CHECK_SYMBOLS)' != ""; then \ - echo "$$dashes"; \ - echo "Checking symbols"; \ - sh $(top_srcdir)/cf/check-symbols.sh $(CHECK_SYMBOLS) || exit 1; \ - echo "Passed"; \ - echo "$$dashes"; \ - fi - -.x.c: - @cmp -s $< $@ 2> /dev/null || cp $< $@ #NROFF_MAN = nroff -man .1.cat1: $(NROFF_MAN) $< > $@ @@ -910,12 +587,41 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-hook: install-cat-mans +install-data-local: install-cat-mans .et.h: $(COMPILE_ET) $< .et.c: $(COMPILE_ET) $< + +.x.c: + @cmp -s $< $@ 2> /dev/null || cp $< $@ + +check-local:: + @foo='$(CHECK_LOCAL)'; \ + if test "$$foo"; then \ + failed=0; all=0; \ + for i in $$foo; do \ + all=`expr $$all + 1`; \ + if ./$$i --version > /dev/null 2>&1; then \ + echo "PASS: $$i"; \ + else \ + echo "FAIL: $$i"; \ + failed=`expr $$failed + 1`; \ + fi; \ + done; \ + if test "$$failed" -eq 0; then \ + banner="All $$all tests passed"; \ + else \ + banner="$$failed of $$all tests failed"; \ + fi; \ + dashes=`echo "$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes"; \ + test "$$failed" -eq 0; \ + fi + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/kerberosV/src/NEWS b/kerberosV/src/NEWS index 3036a7df725..1005e9375f1 100644 --- a/kerberosV/src/NEWS +++ b/kerberosV/src/NEWS @@ -1,247 +1,3 @@ -Changes in release 0.7.2 - -* Fix security problem in rshd that enable an attacker to overwrite - and change ownership of any file that root could write. - -* Fix a DOS in telnetd. The attacker could force the server to crash - in a NULL de-reference before the user logged in, resulting in inetd - turning telnetd off because it forked too fast. - -* Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name - exists in the keytab before returning success. This allows servers - to check if its even possible to use GSSAPI. - -* Fix receiving end of token delegation for GSS-API. It still wrongly - uses subkey for sending for compatibility reasons, this will change - in 0.8. - -* telnetd, login and rshd are now more verbose in logging failed and - successful logins. - -* Bug fixes - -Changes in release 0.7.1 - -* Bug fixes - -Changes in release 0.7 - - * Support for KCM, a process based credential cache - - * Support CCAPI credential cache - - * SPNEGO support - - * AES (and the gssapi conterpart, CFX) support - - * Adding new and improve old documentation - - * Bug fixes - -Changes in release 0.6.5 - - * fix vulnerabilities in telnetd - - * unbreak Kerberos 4 and kaserver - -Changes in release 0.6.4 - - * fix vulnerabilities in telnet - - * rshd: encryption without a separate error socket should now work - - * telnet now uses appdefaults for the encrypt and forward/forwardable - settings - - * bug fixes - -Changes in release 0.6.3 - - * fix vulnerabilities in ftpd - - * support for linux AFS /proc "syscalls" - - * support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in - kpasswdd - - * fix possible KDC denial of service - - * bug fixes - -Changes in release 0.6.2 - - * Fix possible buffer overrun in v4 kadmin (which now defaults to off) - -Changes in release 0.6.1 - - * Fixed ARCFOUR suppport - - * Cross realm vulnerability - - * kdc: fix denial of service attack - - * kdc: stop clients from renewing tickets into the future - - * bug fixes - -Changes in release 0.6 - -* The DES3 GSS-API mechanism has been changed to inter-operate with - other GSSAPI implementations. See man page for gssapi(3) how to turn - on generation of correct MIC messages. Next major release of heimdal - will generate correct MIC by default. - -* More complete GSS-API support - -* Better AFS support: kdc (524) supports 2b; 524 in kdc and AFS - support in applications no longer requires Kerberos 4 libs - -* Kerberos 4 support in kdc defaults to turned off (includes ka and 524) - -* other bug fixes - -Changes in release 0.5.2 - - * kdc: add option for disabling v4 cross-realm (defaults to off) - - * bug fixes - -Changes in release 0.5.1 - - * kadmind: fix remote exploit - - * kadmind: add option to disable kerberos 4 - - * kdc: make sure kaserver token life is positive - - * telnet: use the session key if there is no subkey - - * fix EPSV parsing in ftp - - * other bug fixes - -Changes in release 0.5 - - * add --detach option to kdc - - * allow setting forward and forwardable option in telnet from - .telnetrc, with override from command line - - * accept addresses with or without ports in krb5_rd_cred - - * make it work with modern openssl - - * use our own string2key function even with openssl (that handles weak - keys incorrectly) - - * more system-specific requirements in login - - * do not use getlogin() to determine root in su - - * telnet: abort if telnetd does not support encryption - - * update autoconf to 2.53 - - * update config.guess, config.sub - - * other bug fixes - -Changes in release 0.4e - - * improve libcrypto and database autoconf tests - - * do not care about salting of server principals when serving v4 requests - - * some improvements to gssapi library - - * test for existing compile_et/libcom_err - - * portability fixes - - * bug fixes - -Changes in release 0.4d - - * fix some problems when using libcrypto from openssl - - * handle /dev/ptmx `unix98' ptys on Linux - - * add some forgotten man pages - - * rsh: clean-up and add man page - - * fix -A and -a in builtin-ls in tpd - - * fix building problem on Irix - - * make `ktutil get' more efficient - - * bug fixes - -Changes in release 0.4c - - * fix buffer overrun in telnetd - - * repair some of the v4 fallback code in kinit - - * add more shared library dependencies - - * simplify and fix hprop handling of v4 databases - - * fix some building problems (osf's sia and osfc2 login) - - * bug fixes - -Changes in release 0.4b - - * update the shared library version numbers correctly - -Changes in release 0.4a - - * corrected key used for checksum in mk_safe, unfortunately this - makes it backwards incompatible - - * update to autoconf 2.50, libtool 1.4 - - * re-write dns/config lookups (krb5_krbhst API) - - * make order of using subkeys consistent - - * add man page links - - * add more man pages - - * remove rfc2052 support, now only rfc2782 is supported - - * always build with kaserver protocol support in the KDC (assuming - KRB4 is enabled) and support for reading kaserver databases in - hprop - -Changes in release 0.3f - - * change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab, - the new keytab type that tries both of these in order (SRVTAB is - also an alias for krb4:) - - * improve error reporting and error handling (error messages should - be more detailed and more useful) - - * improve building with openssl - - * add kadmin -K, rcp -F - - * fix two incorrect weak DES keys - - * fix building of kaserver compat in KDC - - * the API is closer to what MIT krb5 is using - - * more compatible with windows 2000 - - * removed some memory leaks - - * bug fixes - Changes in release 0.3e * rcp program included diff --git a/kerberosV/src/TODO b/kerberosV/src/TODO index 174137d29f4..2ceafdd71e2 100644 --- a/kerberosV/src/TODO +++ b/kerberosV/src/TODO @@ -1,9 +1,13 @@ -*- indented-text -*- -$KTH: TODO,v 1.70 2004/01/05 13:32:01 lha Exp $ +$KTH: TODO,v 1.55 2001/01/30 22:51:32 assar Exp $ * configure +use more careful checking before starting to use berkeley db. it only +makes sense to do so if we have the appropriate library and the header +file. + handle readline hiding in readline/readline.h * appl @@ -32,15 +36,8 @@ figure out what's the deal with do_sequence and the MIT client prepend a prefix on all generated symbols -implicit optional CONS types - -untag optional - - ** lib/auth -** lib/auth/sia - PAM ** lib/com_err @@ -53,16 +50,15 @@ make everything work with openssl and make prototypes compatible ** lib/gssapi -anonymous credentials not implemented +process_context_token, add_cred, inquire_cred_by_mech, +inquire_names_for_mech, and +inquire_mechs_for_name not implemented. -gss_acquire_cred(GSS_C_BOTH) with a keytab only, gss_add_cred, -gss_release_cred renders the output_cred_handle broken. +set minor_status in all functions -cache delegation credentials to avoid hitting the kdc ? require time -stampless tickets, and was supported in the recv'ing end with 0.6.1. +anonymous credentials not implemented -flag to look at ok-to-delegate even if GSS_C_DELEG_FLAG was set -(limited to some target domains). +add rc4 ** lib/hdb @@ -74,19 +70,21 @@ fix to use rpc? ** lib/krb5 -iv for aes +rewrite the lookup of KDCs to handle kerberos-<n> and not do any DNS +requests if the information can be found locally. this requires stop +using krb5_get_krbhst. the replay cache is, in its current state, not very useful -OTP? +always generates a new subkey in an authenticator -make checksum/encryption type configuration more realm-specific. +should the sequence numbers be XORed? -crypto: allow scatter/gather creation of checksums +OTP? -verify_user: handle non-secure verification failing because of -host->realm mapping +make checksum/encryption type configuration more realm-specific. make +some simple way of handling the w2k situtation -config_file: do it in case-sensitive and/or insensitive +crypto: allow scather/gather creation of checksums ** lib/roken diff --git a/kerberosV/src/acconfig.h b/kerberosV/src/acconfig.h index 9dabe370e34..8740dae27f8 100644 --- a/kerberosV/src/acconfig.h +++ b/kerberosV/src/acconfig.h @@ -48,6 +48,14 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } #define SGTTY #endif +/* + * Define NDBM if you are using the 4.3 ndbm library (which is part of + * libc). If not defined, 4.2 dbm will be assumed. + */ +#if defined(HAVE_DBM_FIRSTKEY) +#define NDBM +#endif + /* telnet stuff ----------------------------------------------- */ #if defined(ENCRYPTION) && !defined(AUTHENTICATION) @@ -90,7 +98,3 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } # define WORDS_BIGENDIAN 1 # endif #endif - -#ifdef ROKEN_RENAME -#include "roken_rename.h" -#endif diff --git a/kerberosV/src/acinclude.m4 b/kerberosV/src/acinclude.m4 index 50067fc3b8f..167f0222904 100644 --- a/kerberosV/src/acinclude.m4 +++ b/kerberosV/src/acinclude.m4 @@ -1,9 +1,9 @@ -dnl $KTH: acinclude.m4,v 1.16 2004/02/12 14:19:16 lha Exp $ +dnl $KTH: acinclude.m4,v 1.15 1998/05/23 14:54:53 joda Exp $ dnl dnl Only put things that for some reason can't live in the `cf' dnl directory in this file. dnl -dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $ +dnl $KTH: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $ dnl -m4_define([upcase],`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl +define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl diff --git a/kerberosV/src/admin/add.c b/kerberosV/src/admin/add.c index 38d366002b8..b2785fb76de 100644 --- a/kerberosV/src/admin/add.c +++ b/kerberosV/src/admin/add.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,125 +33,123 @@ #include "ktutil_locl.h" -RCSID("$KTH: add.c,v 1.8 2005/04/14 16:45:14 lha Exp $"); - -static char * -readstring(const char *prompt, char *buf, size_t len) -{ - printf("%s", prompt); - if (fgets(buf, len, stdin) == NULL) - return NULL; - buf[strcspn(buf, "\r\n")] = '\0'; - return buf; -} +RCSID("$KTH: add.c,v 1.1 2000/01/02 04:41:00 assar Exp $"); int -kt_add(struct add_options *opt, int argc, char **argv) +kt_add(int argc, char **argv) { krb5_error_code ret; - krb5_keytab keytab; krb5_keytab_entry entry; - char buf[1024]; + char buf[128]; + char *principal_string = NULL; + int kvno = -1; + char *enctype_string = NULL; krb5_enctype enctype; + char *password_string = NULL; + int salt_flag = 1; + int random_flag = 0; + int help_flag = 0; + struct getargs args[] = { + { "principal", 'p', arg_string, NULL, "principal of key", "principal"}, + { "kvno", 'V', arg_integer, NULL, "key version of key" }, + { "enctype", 'e', arg_string, NULL, "encryption type of key" }, + { "password", 'w', arg_string, NULL, "password for key"}, + { "salt", 's', arg_negative_flag, NULL, "no salt" }, + { "random", 'r', arg_flag, NULL, "generate random key" }, + { "help", 'h', arg_flag, NULL } + }; + int num_args = sizeof(args) / sizeof(args[0]); + int optind = 0; + int i = 0; + args[i++].value = &principal_string; + args[i++].value = &kvno; + args[i++].value = &enctype_string; + args[i++].value = &password_string; + args[i++].value = &salt_flag; + args[i++].value = &random_flag; + args[i++].value = &help_flag; - if((keytab = ktutil_open_keytab()) == NULL) - return 1; - - memset(&entry, 0, sizeof(entry)); - if(opt->principal_string == NULL) { - if(readstring("Principal: ", buf, sizeof(buf)) == NULL) - return 1; - opt->principal_string = buf; + if(getarg(args, num_args, argc, argv, &optind)) { + arg_printusage(args, num_args, "ktutil add", ""); + return 0; + } + if(help_flag) { + arg_printusage(args, num_args, "ktutil add", ""); + return 0; + } + if(principal_string == NULL) { + printf("Principal: "); + if (fgets(buf, sizeof(buf), stdin) == NULL) + return 0; + buf[strcspn(buf, "\r\n")] = '\0'; + principal_string = buf; } - ret = krb5_parse_name(context, opt->principal_string, &entry.principal); + ret = krb5_parse_name(context, principal_string, &entry.principal); if(ret) { - krb5_warn(context, ret, "%s", opt->principal_string); - goto out; + krb5_warn(context, ret, "%s", principal_string); + return 0; } - if(opt->enctype_string == NULL) { - if(readstring("Encryption type: ", buf, sizeof(buf)) == NULL) { - ret = 1; - goto out; + if(enctype_string == NULL) { + printf("Encryption type: "); + if (fgets(buf, sizeof(buf), stdin) == NULL) { + krb5_free_principal (context, entry.principal); + return 0; } - opt->enctype_string = buf; + buf[strcspn(buf, "\r\n")] = '\0'; + enctype_string = buf; } - ret = krb5_string_to_enctype(context, opt->enctype_string, &enctype); + ret = krb5_string_to_enctype(context, enctype_string, &enctype); if(ret) { int t; - if(sscanf(opt->enctype_string, "%d", &t) == 1) + if(sscanf(enctype_string, "%d", &t) == 1) enctype = t; else { - krb5_warn(context, ret, "%s", opt->enctype_string); - goto out; + krb5_warn(context, ret, "%s", enctype_string); + krb5_free_principal(context, entry.principal); + return 0; } } - if(opt->kvno_integer == -1) { - if(readstring("Key version: ", buf, sizeof(buf)) == NULL) { - ret = 1; - goto out; + if(kvno == -1) { + printf("Key version: "); + if (fgets(buf, sizeof(buf), stdin) == NULL) { + krb5_free_principal (context, entry.principal); + return 0; } - if(sscanf(buf, "%u", &opt->kvno_integer) != 1) - goto out; + buf[strcspn(buf, "\r\n")] = '\0'; + kvno = atoi(buf); } - if(opt->password_string == NULL && opt->random_flag == 0) { - if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Password: ", 1)) { - ret = 1; - goto out; + if(password_string == NULL && random_flag == 0) { + if(des_read_pw_string(buf, sizeof(buf), "Password: ", 1)) { + krb5_free_principal (context, entry.principal); + return 0; } - opt->password_string = buf; + password_string = buf; } - if(opt->password_string) { - if (opt->hex_flag) { - size_t len; - void *data; - - len = (strlen(opt->password_string) + 1) / 2; - - data = malloc(len); - if (data == NULL) { - krb5_warn(context, ENOMEM, "malloc"); - goto out; - } - - if (hex_decode(opt->password_string, data, len) != len) { - free(data); - krb5_warn(context, ENOMEM, "hex decode failed"); - goto out; - } - - ret = krb5_keyblock_init(context, enctype, - data, len, &entry.keyblock); - free(data); - } else if (!opt->salt_flag) { + if(password_string) { + if (!salt_flag) { krb5_salt salt; krb5_data pw; salt.salttype = KRB5_PW_SALT; salt.saltvalue.data = NULL; salt.saltvalue.length = 0; - pw.data = (void*)opt->password_string; - pw.length = strlen(opt->password_string); - ret = krb5_string_to_key_data_salt(context, enctype, pw, salt, - &entry.keyblock); + pw.data = (void*)password_string; + pw.length = strlen(password_string); + krb5_string_to_key_data_salt(context, enctype, pw, salt, + &entry.keyblock); } else { - ret = krb5_string_to_key(context, enctype, opt->password_string, - entry.principal, &entry.keyblock); + krb5_string_to_key(context, enctype, password_string, + entry.principal, &entry.keyblock); } - memset (opt->password_string, 0, strlen(opt->password_string)); + memset (password_string, 0, strlen(password_string)); } else { - ret = krb5_generate_random_keyblock(context, enctype, &entry.keyblock); - } - if(ret) { - krb5_warn(context, ret, "add"); - goto out; + krb5_generate_random_keyblock(context, enctype, &entry.keyblock); } - entry.vno = opt->kvno_integer; + entry.vno = kvno; entry.timestamp = time (NULL); ret = krb5_kt_add_entry(context, keytab, &entry); if(ret) krb5_warn(context, ret, "add"); - out: krb5_kt_free_entry(context, &entry); - krb5_kt_close(context, keytab); - return ret != 0; + return 0; } diff --git a/kerberosV/src/admin/change.c b/kerberosV/src/admin/change.c index 3b4546881e2..c69352a18fd 100644 --- a/kerberosV/src/admin/change.c +++ b/kerberosV/src/admin/change.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,11 +33,10 @@ #include "ktutil_locl.h" -RCSID("$KTH: change.c,v 1.7 2005/05/19 14:03:16 lha Exp $"); +RCSID("$KTH: change.c,v 1.2 2000/06/03 12:24:03 assar Exp $"); -static krb5_error_code -change_entry (krb5_context context, krb5_keytab keytab, - krb5_principal principal, krb5_kvno kvno, +static void +change_entry (krb5_context context, krb5_keytab_entry *entry, const char *realm, const char *admin_server, int server_port) { krb5_error_code ret; @@ -48,10 +47,10 @@ change_entry (krb5_context context, krb5_keytab keytab, int num_keys; int i; - ret = krb5_unparse_name (context, principal, &client_name); + ret = krb5_unparse_name (context, entry->principal, &client_name); if (ret) { - krb5_warn (context, ret, "krb5_unparse_name"); - return ret; + krb5_warn (context, ret, "kadm5_c_init_with_skey_ctx"); + return; } memset (&conf, 0, sizeof(conf)); @@ -59,7 +58,7 @@ change_entry (krb5_context context, krb5_keytab keytab, if(realm) conf.realm = (char *)realm; else - conf.realm = (char*)krb5_principal_get_realm(context, principal); + conf.realm = *krb5_princ_realm (context, entry->principal); conf.mask |= KADM5_CONFIG_REALM; if (admin_server) { @@ -78,26 +77,24 @@ change_entry (krb5_context context, krb5_keytab keytab, KADM5_ADMIN_SERVICE, &conf, 0, 0, &kadm_handle); + free (client_name); if (ret) { - krb5_warn (context, ret, - "kadm5_c_init_with_skey_ctx: %s:", client_name); - free (client_name); - return ret; + krb5_warn (context, ret, "kadm5_c_init_with_skey_ctx"); + return; } - ret = kadm5_randkey_principal (kadm_handle, principal, &keys, &num_keys); + ret = kadm5_randkey_principal (kadm_handle, entry->principal, + &keys, &num_keys); kadm5_destroy (kadm_handle); if (ret) { - krb5_warn(context, ret, "kadm5_randkey_principal: %s:", client_name); - free (client_name); - return ret; + krb5_warn(context, ret, "kadm5_randkey_principal"); + return; } - free (client_name); for (i = 0; i < num_keys; ++i) { krb5_keytab_entry new_entry; - new_entry.principal = principal; + new_entry = *entry; new_entry.timestamp = time (NULL); - new_entry.vno = kvno + 1; + ++new_entry.vno; new_entry.keyblock = keys[i]; ret = krb5_kt_add_entry (context, keytab, &new_entry); @@ -105,7 +102,6 @@ change_entry (krb5_context context, krb5_keytab keytab, krb5_warn (context, ret, "krb5_kt_add_entry"); krb5_free_keyblock_contents (context, &keys[i]); } - return ret; } /* @@ -113,128 +109,116 @@ change_entry (krb5_context context, krb5_keytab keytab, * their keys, writing the new keys */ -struct change_set { - krb5_principal principal; - krb5_kvno kvno; -}; - int -kt_change (struct change_options *opt, int argc, char **argv) +kt_change (int argc, char **argv) { krb5_error_code ret; - krb5_keytab keytab; krb5_kt_cursor cursor; krb5_keytab_entry entry; - int i, j, max; - struct change_set *changeset; - int errors = 0; + char *realm = NULL; + char *admin_server = NULL; + int server_port = 0; + int help_flag = 0; + int optind = 0; + int j, max; + krb5_principal *princs; + + struct getargs args[] = { + { "realm", 'r', arg_string, NULL, + "realm to use", "realm" + }, + { "admin-server", 'a', arg_string, NULL, + "server to contact", "host" + }, + { "server-port", 's', arg_integer, NULL, + "port to contact", "port number" + }, + { "help", 'h', arg_flag, NULL } + }; + + args[0].value = &realm; + args[1].value = &admin_server; + args[2].value = &server_port; + args[3].value = &help_flag; + + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind) + || help_flag) { + arg_printusage(args, sizeof(args) / sizeof(args[0]), + "ktutil change", "principal..."); + return 0; + } - if((keytab = ktutil_open_keytab()) == NULL) - return 1; - j = 0; - max = 0; - changeset = NULL; + max = 10; + princs = malloc (max * sizeof(*princs)); + if (princs == NULL) { + krb5_warnx (context, "malloc: out of memory"); + return 1; + } ret = krb5_kt_start_seq_get(context, keytab, &cursor); if(ret){ - krb5_warn(context, ret, "%s", keytab_string); - goto out; + krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_string); + return 1; } while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) { - int add = 0; + int i; + int done = 0; - for (i = 0; i < j; ++i) { - if (krb5_principal_compare (context, changeset[i].principal, - entry.principal)) { - if (changeset[i].kvno < entry.vno) - changeset[i].kvno = entry.vno; + for (i = 0; i < j; ++i) + if (krb5_principal_compare (context, princs[i], + entry.principal)) break; - } - } - if (i < j) { - krb5_kt_free_entry (context, &entry); + if (i < j) continue; - } - if (argc == 0) { - add = 1; + if (optind == argc) { + change_entry (context, &entry, realm, admin_server, server_port); + done = 1; } else { - for (i = 0; i < argc; ++i) { + for (i = optind; i < argc; ++i) { krb5_principal princ; ret = krb5_parse_name (context, argv[i], &princ); if (ret) { - krb5_warn (context, ret, "%s", argv[i]); + krb5_warn (context, ret, "krb5_parse_name %s", argv[i]); continue; } - if (krb5_principal_compare (context, princ, entry.principal)) - add = 1; - + if (krb5_principal_compare (context, princ, entry.principal)) { + change_entry (context, &entry, + realm, admin_server, server_port); + done = 1; + } krb5_free_principal (context, princ); } } - - if (add) { + if (done) { if (j >= max) { void *tmp; - max = max(max * 2, 1); - tmp = realloc (changeset, max * sizeof(*changeset)); + max *= 2; + tmp = realloc (princs, max * sizeof(*princs)); if (tmp == NULL) { krb5_kt_free_entry (context, &entry); krb5_warnx (context, "realloc: out of memory"); - ret = ENOMEM; break; } - changeset = tmp; + princs = tmp; } - ret = krb5_copy_principal (context, entry.principal, - &changeset[j].principal); + ret = krb5_copy_principal (context, entry.principal, &princs[j]); if (ret) { krb5_warn (context, ret, "krb5_copy_principal"); krb5_kt_free_entry (context, &entry); break; } - changeset[j].kvno = entry.vno; ++j; } krb5_kt_free_entry (context, &entry); } - krb5_kt_end_seq_get(context, keytab, &cursor); - - if (ret == KRB5_KT_END) { - ret = 0; - for (i = 0; i < j; i++) { - if (verbose_flag) { - char *client_name; - - ret = krb5_unparse_name (context, changeset[i].principal, - &client_name); - if (ret) { - krb5_warn (context, ret, "krb5_unparse_name"); - } else { - printf("Changing %s kvno %d\n", - client_name, changeset[i].kvno); - free(client_name); - } - } - ret = change_entry (context, keytab, - changeset[i].principal, changeset[i].kvno, - opt->realm_string, - opt->admin_server_string, - opt->server_port_integer); - if (ret != 0) - errors = 1; - } - } else - errors = 1; - for (i = 0; i < j; i++) - krb5_free_principal (context, changeset[i].principal); - free (changeset); - - out: - krb5_kt_close(context, keytab); - return errors; + while (j-- > 0) + krb5_free_principal (context, princs[j]); + free (princs); + ret = krb5_kt_end_seq_get(context, keytab, &cursor); + return 0; } diff --git a/kerberosV/src/admin/copy.c b/kerberosV/src/admin/copy.c index e4a227c7d1d..2519a770b2d 100644 --- a/kerberosV/src/admin/copy.c +++ b/kerberosV/src/admin/copy.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "ktutil_locl.h" -RCSID("$KTH: copy.c,v 1.10 2004/09/23 14:43:53 joda Exp $"); +RCSID("$KTH: copy.c,v 1.5 2000/12/16 00:45:29 joda Exp $"); static krb5_boolean @@ -57,39 +57,28 @@ kt_copy_int (const char *from, const char *to) ret = krb5_kt_resolve (context, from, &src_keytab); if (ret) { krb5_warn (context, ret, "resolving src keytab `%s'", from); - return 1; + return 0; } ret = krb5_kt_resolve (context, to, &dst_keytab); if (ret) { krb5_kt_close (context, src_keytab); krb5_warn (context, ret, "resolving dst keytab `%s'", to); - return 1; + return 0; } ret = krb5_kt_start_seq_get (context, src_keytab, &cursor); if (ret) { krb5_warn (context, ret, "krb5_kt_start_seq_get %s", keytab_string); - goto out; + goto fail; } - if (verbose_flag) - fprintf(stderr, "copying %s to %s\n", from, to); - while((ret = krb5_kt_next_entry(context, src_keytab, &entry, &cursor)) == 0) { char *name_str; char *etype_str; - ret = krb5_unparse_name (context, entry.principal, &name_str); - if(ret) { - krb5_warn(context, ret, "krb5_unparse_name"); - name_str = NULL; /* XXX */ - } - ret = krb5_enctype_to_string(context, entry.keyblock.keytype, &etype_str); - if(ret) { - krb5_warn(context, ret, "krb5_enctype_to_string"); - etype_str = NULL; /* XXX */ - } + krb5_unparse_name (context, entry.principal, &name_str); + krb5_enctype_to_string(context, entry.keyblock.keytype, &etype_str); ret = krb5_kt_get_entry(context, dst_keytab, entry.principal, entry.vno, @@ -110,8 +99,7 @@ kt_copy_int (const char *from, const char *to) free(etype_str); continue; } else if(ret != KRB5_KT_NOTFOUND) { - krb5_warn (context, ret, "%s: fetching %s/%s/%u", - to, name_str, etype_str, entry.vno); + krb5_warn(context, ret, "krb5_kt_get_entry(%s)", name_str); krb5_kt_free_entry (context, &entry); free(name_str); free(etype_str); @@ -123,8 +111,7 @@ kt_copy_int (const char *from, const char *to) ret = krb5_kt_add_entry (context, dst_keytab, &entry); krb5_kt_free_entry (context, &entry); if (ret) { - krb5_warn (context, ret, "%s: adding %s/%s/%u", - to, name_str, etype_str, entry.vno); + krb5_warn (context, ret, "krb5_kt_add_entry(%s)", name_str); free(name_str); free(etype_str); break; @@ -134,42 +121,125 @@ kt_copy_int (const char *from, const char *to) } krb5_kt_end_seq_get (context, src_keytab, &cursor); - out: + fail: krb5_kt_close (context, src_keytab); krb5_kt_close (context, dst_keytab); - return ret != 0; + return 0; } int -kt_copy (void *opt, int argc, char **argv) +kt_copy (int argc, char **argv) { + int help_flag = 0; + int optind = 0; + + struct getargs args[] = { + { "help", 'h', arg_flag, NULL} + }; + + int num_args = sizeof(args) / sizeof(args[0]); + int i = 0; + + args[i++].value = &help_flag; + args[i++].value = &verbose_flag; + + if(getarg(args, num_args, argc, argv, &optind)) { + arg_printusage(args, num_args, "ktutil copy", + "keytab-src keytab-dest"); + return 0; + } + if (help_flag) { + arg_printusage(args, num_args, "ktutil copy", + "keytab-src keytab-dest"); + return 0; + } + + argv += optind; + argc -= optind; + + if (argc != 2) { + arg_printusage(args, num_args, "ktutil copy", + "keytab-src keytab-dest"); + return 0; + } + return kt_copy_int(argv[0], argv[1]); } -int -srvconv(struct srvconvert_options *opt, int argc, char **argv) +#ifndef KEYFILE +#define KEYFILE "/etc/srvtab" +#endif + +/* copy to from v4 srvtab, just short for copy */ +static int +conv(int srvconv, int argc, char **argv) { + int help_flag = 0; + char *srvtab = KEYFILE; + int optind = 0; char kt4[1024], kt5[1024]; - snprintf(kt4, sizeof(kt4), "krb4:%s", opt->srvtab_string); + char *name; + + struct getargs args[] = { + { "srvtab", 's', arg_string, NULL}, + { "help", 'h', arg_flag, NULL} + }; + + int num_args = sizeof(args) / sizeof(args[0]); + int i = 0; - if(keytab_string != NULL) - return kt_copy_int(kt4, keytab_string); + args[i++].value = &srvtab; + args[i++].value = &help_flag; - krb5_kt_default_modify_name(context, kt5, sizeof(kt5)); - return kt_copy_int(kt4, kt5); + if(srvconv) + name = "ktutil srvconvert"; + else + name = "ktutil srvcreate"; + + if(getarg(args, num_args, argc, argv, &optind)){ + arg_printusage(args, num_args, name, ""); + return 1; + } + if(help_flag){ + arg_printusage(args, num_args, name, ""); + return 0; + } + + argc -= optind; + argv += optind; + + if (argc != 0) { + arg_printusage(args, num_args, name, ""); + return 1; + } + + snprintf(kt4, sizeof(kt4), "krb4:%s", srvtab); + + if(srvconv) { + if(keytab_string != NULL) + return kt_copy_int(kt4, keytab_string); + else { + krb5_kt_default_name(context, kt5, sizeof(kt5)); + return kt_copy_int(kt4, kt5); + } + } else { + if(keytab_string != NULL) + return kt_copy_int(keytab_string, kt4); + + krb5_kt_default_name(context, kt5, sizeof(kt5)); + return kt_copy_int(kt5, kt4); + } } int -srvcreate(struct srvcreate_options *opt, int argc, char **argv) +srvconv(int argc, char **argv) { - char kt4[1024], kt5[1024]; - - snprintf(kt4, sizeof(kt4), "krb4:%s", opt->srvtab_string); - - if(keytab_string != NULL) - return kt_copy_int(keytab_string, kt4); + return conv(1, argc, argv); +} - krb5_kt_default_name(context, kt5, sizeof(kt5)); - return kt_copy_int(kt5, kt4); +int +srvcreate(int argc, char **argv) +{ + return conv(0, argc, argv); } diff --git a/kerberosV/src/admin/get.c b/kerberosV/src/admin/get.c index 8082921b693..e3d5ee0f14a 100644 --- a/kerberosV/src/admin/get.c +++ b/kerberosV/src/admin/get.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,21 +33,57 @@ #include "ktutil_locl.h" -RCSID("$KTH: get.c,v 1.24 2004/09/23 14:44:57 joda Exp $"); +RCSID("$KTH: get.c,v 1.16 2000/12/31 02:51:43 assar Exp $"); -static void* -open_kadmin_connection(char *principal, - const char *realm, - char *admin_server, - int server_port) +int +kt_get(int argc, char **argv) { - static kadm5_config_params conf; krb5_error_code ret; + kadm5_config_params conf; void *kadm_handle; + char *principal = NULL; + char *realm = NULL; + char *admin_server = NULL; + int server_port = 0; + int help_flag = 0; + int optind = 0; + int i, j; + + struct getargs args[] = { + { "principal", 'p', arg_string, NULL, + "admin principal", "principal" + }, + { "realm", 'r', arg_string, NULL, + "realm to use", "realm" + }, + { "admin-server", 'a', arg_string, NULL, + "server to contact", "host" + }, + { "server-port", 's', arg_integer, NULL, + "port to contact", "port number" + }, + { "help", 'h', arg_flag, NULL } + }; + + args[0].value = &principal; + args[1].value = &realm; + args[2].value = &admin_server; + args[3].value = &server_port; + args[4].value = &help_flag; + memset(&conf, 0, sizeof(conf)); + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind) + || help_flag) { + arg_printusage(args, sizeof(args) / sizeof(args[0]), + "ktutil get", "principal..."); + return 0; + } + if(realm) { - conf.realm = (char*)realm; + krb5_set_default_realm(context, realm); /* XXX should be fixed + some other way */ + conf.realm = realm; conf.mask |= KADM5_CONFIG_REALM; } @@ -61,9 +97,6 @@ open_kadmin_connection(char *principal, conf.mask |= KADM5_CONFIG_KADMIND_PORT; } - /* should get realm from each principal, instead of doing - everything with the same (local) realm */ - ret = kadm5_init_with_password_ctx(context, principal, NULL, @@ -72,51 +105,11 @@ open_kadmin_connection(char *principal, &kadm_handle); if(ret) { krb5_warn(context, ret, "kadm5_init_with_password"); - return NULL; + return 0; } - return kadm_handle; -} - -int -kt_get(struct get_options *opt, int argc, char **argv) -{ - krb5_error_code ret = 0; - krb5_keytab keytab; - void *kadm_handle = NULL; - krb5_enctype *etypes = NULL; - size_t netypes = 0; - int i = 0, j; - unsigned int failed = 0; - if((keytab = ktutil_open_keytab()) == NULL) - return 1; - - if(opt->realm_string) - krb5_set_default_realm(context, opt->realm_string); - - if (opt->enctypes_strings.num_strings != 0) { - int i; - - etypes = malloc (opt->enctypes_strings.num_strings * sizeof(*etypes)); - if (etypes == NULL) { - krb5_warnx(context, "malloc failed"); - goto out; - } - netypes = opt->enctypes_strings.num_strings; - for(i = 0; i < netypes; i++) { - ret = krb5_string_to_enctype(context, - opt->enctypes_strings.strings[i], - &etypes[i]); - if(ret) { - krb5_warnx(context, "unrecognized enctype: %s", - opt->enctypes_strings.strings[i]); - goto out; - } - } - } - - for(i = 0; i < argc; i++){ + for(i = optind; i < argc; i++){ krb5_principal princ_ent; kadm5_principal_ent_rec princ; int mask = 0; @@ -126,11 +119,6 @@ kt_get(struct get_options *opt, int argc, char **argv) krb5_keytab_entry entry; ret = krb5_parse_name(context, argv[i], &princ_ent); - if (ret) { - krb5_warn(context, ret, "can't parse principal %s", argv[i]); - failed++; - continue; - } memset(&princ, 0, sizeof(princ)); princ.principal = princ_ent; mask |= KADM5_PRINCIPAL; @@ -138,35 +126,19 @@ kt_get(struct get_options *opt, int argc, char **argv) mask |= KADM5_ATTRIBUTES; princ.princ_expire_time = 0; mask |= KADM5_PRINC_EXPIRE_TIME; - - if(kadm_handle == NULL) { - const char *r; - if(opt->realm_string != NULL) - r = opt->realm_string; - else - r = krb5_principal_get_realm(context, princ_ent); - kadm_handle = open_kadmin_connection(opt->principal_string, - r, - opt->admin_server_string, - opt->server_port_integer); - if(kadm_handle == NULL) - break; - } ret = kadm5_create_principal(kadm_handle, &princ, mask, "x"); if(ret == 0) - created = 1; + created++; else if(ret != KADM5_DUP) { krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[i]); krb5_free_principal(context, princ_ent); - failed++; continue; } ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys); if (ret) { krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[i]); krb5_free_principal(context, princ_ent); - failed++; continue; } @@ -177,11 +149,8 @@ kt_get(struct get_options *opt, int argc, char **argv) for (j = 0; j < n_keys; j++) krb5_free_keyblock_contents(context, &keys[j]); krb5_free_principal(context, princ_ent); - failed++; continue; } - if(!created && (princ.attributes & KRB5_KDB_DISALLOW_ALL_TIX)) - krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[i]); princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX); mask = KADM5_ATTRIBUTES; if(created) { @@ -194,41 +163,20 @@ kt_get(struct get_options *opt, int argc, char **argv) for (j = 0; j < n_keys; j++) krb5_free_keyblock_contents(context, &keys[j]); krb5_free_principal(context, princ_ent); - failed++; continue; } for(j = 0; j < n_keys; j++) { - int do_add = TRUE; - - if (netypes) { - int i; - - do_add = FALSE; - for (i = 0; i < netypes; ++i) - if (keys[j].keytype == etypes[i]) { - do_add = TRUE; - break; - } - } - if (do_add) { - entry.principal = princ_ent; - entry.vno = princ.kvno; - entry.keyblock = keys[j]; - entry.timestamp = time (NULL); - ret = krb5_kt_add_entry(context, keytab, &entry); - if (ret) - krb5_warn(context, ret, "krb5_kt_add_entry"); - } + entry.principal = princ_ent; + entry.vno = princ.kvno; + entry.keyblock = keys[j]; + entry.timestamp = time (NULL); + ret = krb5_kt_add_entry(context, keytab, &entry); krb5_free_keyblock_contents(context, &keys[j]); } kadm5_free_principal_ent(kadm_handle, &princ); krb5_free_principal(context, princ_ent); } - out: - free(etypes); - if (kadm_handle) - kadm5_destroy(kadm_handle); - krb5_kt_close(context, keytab); - return ret != 0 || failed > 0; + kadm5_destroy(kadm_handle); + return 0; } diff --git a/kerberosV/src/admin/ktutil.8 b/kerberosV/src/admin/ktutil.8 index 91bd3a7c034..385f57a5b93 100644 --- a/kerberosV/src/admin/ktutil.8 +++ b/kerberosV/src/admin/ktutil.8 @@ -1,74 +1,35 @@ -.\" Copyright (c) 1997-2004 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" $KTH: ktutil.8,v 1.9 2000/12/16 00:58:49 joda Exp $ .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $KTH: ktutil.8,v 1.21 2005/04/14 16:43:57 lha Exp $ -.\" -.Dd April 14, 2005 +.Dd December 16, 2000 .Dt KTUTIL 8 .Os HEIMDAL .Sh NAME .Nm ktutil -.Nd manage Kerberos keytabs +.Nd +manage Kerberos keytabs .Sh SYNOPSIS .Nm .Oo Fl k Ar keytab \*(Ba Xo -.Fl -keytab= Ns Ar keytab +.Fl -keytab= Ns Ar keytab .Xc .Oc .Op Fl v | Fl -verbose .Op Fl -version .Op Fl h | Fl -help -.Ar command +.Ar command .Op Ar args .Sh DESCRIPTION .Nm is a program for managing keytabs. -Supported options: -.Bl -tag -width Ds -.It Xo -.Fl v , -.Fl -verbose -.Xc -Verbose output. -.El -.Pp .Ar command can be one of the following: -.Bl -tag -width srvconvert +.Bl -tag -width Ds .It add Xo .Op Fl p Ar principal .Op Fl -principal= Ns Ar principal .Op Fl V Ar kvno .Op Fl -kvno= Ns Ar kvno -.Op Fl e Ar enctype +.Op Fl e Ar encype .Op Fl -enctype= Ns Ar enctype .Op Fl w Ar password .Op Fl -password= Ns Ar password @@ -76,15 +37,9 @@ can be one of the following: .Op Fl -random .Op Fl s .Op Fl -no-salt -.Op Fl H -.Op Fl -hex .Xc Adds a key to the keytab. Options that are not specified will be -prompted for. This requires that you know the password or the hex key of the -principal to add; if what you really want is to add a new principal to -the keytab, you should consider the -.Ar get -command, which talks to the kadmin server. +prompted for. .It change Xo .Op Fl r Ar realm .Op Fl -realm= Ns Ar realm @@ -94,7 +49,7 @@ command, which talks to the kadmin server. .Op Fl -server-port= Ns Ar port .Xc Update one or several keys to new versions. By default, use the admin -server for the realm of a keytab entry. Otherwise it will use the +server for the realm of an keytab entry. Otherwise it will use the values specified by the options. .Pp If no principals are given, all the ones in the keytab are updated. @@ -109,25 +64,17 @@ to .It get Xo .Op Fl p Ar admin principal .Op Fl -principal= Ns Ar admin principal -.Op Fl e Ar enctype -.Op Fl -enctypes= Ns Ar enctype .Op Fl r Ar realm .Op Fl -realm= Ns Ar realm .Op Fl a Ar admin server .Op Fl -admin-server= Ns Ar admin server .Op Fl s Ar server port .Op Fl -server-port= Ns Ar server port -.Ar principal ... +.Ar principal .Xc -For each -.Ar principal , -generate a new key for it (creating it if it doesn't already exist), -and put that key in the keytab. -.Pp -If no -.Ar realm -is specified, the realm to operate on is taken from the first -principal. +Get a key for +.Nm principal +and store it in a keytab. .It list Xo .Op Fl -keys .Op Fl -timestamp @@ -143,24 +90,16 @@ List the keys stored in the keytab. .Xc Removes the specified key or keys. Not specifying a .Ar kvno -removes keys with any version number. Not specifying an +removes keys with any version number. Not specifying a .Ar enctype removes keys of any type. -.It rename Xo -.Ar from-principal -.Ar to-principal -.Xc -Renames all entries in the keytab that match the -.Ar from-principal -to -.Ar to-principal . .It purge Xo .Op Fl -age= Ns Ar age .Xc -Removes all old versions of a key for which there is a newer version -that is at least -.Ar age -(default one week) old. +Removes all old entries (for which there is a newer version) that are +older than +.Ar age +(default one week). .It srvconvert .It srv2keytab Xo .Op Fl s Ar srvtab @@ -169,12 +108,12 @@ that is at least Converts the version 4 srvtab in .Ar srvtab to a version 5 keytab and stores it in -.Ar keytab . +.Ar keytab . Identical to: .Bd -ragged -offset indent -.Li ktutil copy +.Li ktutil copy .Li krb4: Ns Ar srvtab -.Ar keytab +.Ar keytab .Ed .It srvcreate .It key2srvtab Xo @@ -187,8 +126,8 @@ to a version 4 srvtab and stores it in .Ar srvtab . Identical to: .Bd -ragged -offset indent -.Li ktutil copy -.Ar keytab +.Li ktutil copy +.Ar keytab .Li krb4: Ns Ar srvtab .Ed .El diff --git a/kerberosV/src/admin/purge.c b/kerberosV/src/admin/purge.c index 35b841ca4be..5ce51fc5607 100644 --- a/kerberosV/src/admin/purge.c +++ b/kerberosV/src/admin/purge.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "ktutil_locl.h" -RCSID("$KTH: purge.c,v 1.7 2004/09/23 14:46:43 joda Exp $"); +RCSID("$KTH: purge.c,v 1.3 2000/06/29 08:31:47 joda Exp $"); /* * keep track of the highest version for every principal. @@ -42,7 +42,6 @@ RCSID("$KTH: purge.c,v 1.7 2004/09/23 14:46:43 joda Exp $"); struct e { krb5_principal principal; int max_vno; - time_t timestamp; struct e *next; }; @@ -58,17 +57,14 @@ get_entry (krb5_principal princ, struct e *head) } static void -add_entry (krb5_principal princ, int vno, time_t timestamp, struct e **head) +add_entry (krb5_principal princ, int vno, struct e **head) { krb5_error_code ret; struct e *e; e = get_entry (princ, *head); if (e != NULL) { - if(e->max_vno < vno) { - e->max_vno = vno; - e->timestamp = timestamp; - } + e->max_vno = max (e->max_vno, vno); return; } e = malloc (sizeof (*e)); @@ -78,7 +74,6 @@ add_entry (krb5_principal princ, int vno, time_t timestamp, struct e **head) if (ret) krb5_err (context, 1, ret, "krb5_copy_principal"); e->max_vno = vno; - e->timestamp = timestamp; e->next = *head; *head = e; } @@ -100,33 +95,50 @@ delete_list (struct e *head) */ int -kt_purge(struct purge_options *opt, int argc, char **argv) +kt_purge(int argc, char **argv) { - krb5_error_code ret = 0; + krb5_error_code ret; krb5_kt_cursor cursor; - krb5_keytab keytab; krb5_keytab_entry entry; + int help_flag = 0; + char *age_str = "1 week"; int age; + struct getargs args[] = { + { "age", 0, arg_string, NULL, "age to retire" }, + { "help", 'h', arg_flag, NULL } + }; + int num_args = sizeof(args) / sizeof(args[0]); + int optind = 0; + int i = 0; struct e *head = NULL; time_t judgement_day; - age = parse_time(opt->age_string, "s"); - if(age < 0) { - krb5_warnx(context, "unparasable time `%s'", opt->age_string); - return 1; + args[i++].value = &age_str; + args[i++].value = &help_flag; + + if(getarg(args, num_args, argc, argv, &optind)) { + arg_printusage(args, num_args, "ktutil remove", ""); + return 0; + } + if(help_flag) { + arg_printusage(args, num_args, "ktutil remove", ""); + return 0; } - if((keytab = ktutil_open_keytab()) == NULL) - return 1; + age = parse_time(age_str, "s"); + if(age < 0) { + krb5_warnx(context, "unparasable time `%s'", age_str); + return 0; + } ret = krb5_kt_start_seq_get(context, keytab, &cursor); if(ret){ - krb5_warn(context, ret, "%s", keytab_string); - goto out; + krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_string); + return 1; } while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) { - add_entry (entry.principal, entry.vno, entry.timestamp, &head); + add_entry (entry.principal, entry.vno, &head); krb5_kt_free_entry(context, &entry); } ret = krb5_kt_end_seq_get(context, keytab, &cursor); @@ -135,8 +147,8 @@ kt_purge(struct purge_options *opt, int argc, char **argv) ret = krb5_kt_start_seq_get(context, keytab, &cursor); if(ret){ - krb5_warn(context, ret, "%s", keytab_string); - goto out; + krb5_warn(context, ret, "krb5_kt_start_seq_get, %s", keytab_string); + return 1; } while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) { @@ -148,7 +160,7 @@ kt_purge(struct purge_options *opt, int argc, char **argv) } if (entry.vno < e->max_vno - && judgement_day - e->timestamp > age) { + && judgement_day - entry.timestamp > age) { if (verbose_flag) { char *name_str; @@ -166,7 +178,5 @@ kt_purge(struct purge_options *opt, int argc, char **argv) delete_list (head); - out: - krb5_kt_close (context, keytab); - return ret != 0; + return 0; } diff --git a/kerberosV/src/admin/remove.c b/kerberosV/src/admin/remove.c index 6807af7370a..2459032e40f 100644 --- a/kerberosV/src/admin/remove.c +++ b/kerberosV/src/admin/remove.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,57 +33,75 @@ #include "ktutil_locl.h" -RCSID("$KTH: remove.c,v 1.4 2004/09/23 14:45:18 joda Exp $"); +RCSID("$KTH: remove.c,v 1.1 2000/01/02 04:41:02 assar Exp $"); int -kt_remove(struct remove_options *opt, int argc, char **argv) +kt_remove(int argc, char **argv) { - krb5_error_code ret = 0; + krb5_error_code ret; krb5_keytab_entry entry; - krb5_keytab keytab; + char *principal_string = NULL; krb5_principal principal = NULL; + int kvno = 0; + char *keytype_string = NULL; krb5_enctype enctype = 0; - - if(opt->principal_string) { - ret = krb5_parse_name(context, opt->principal_string, &principal); + int help_flag = 0; + struct getargs args[] = { + { "principal", 'p', arg_string, NULL, "principal to remove" }, + { "kvno", 'V', arg_integer, NULL, "key version to remove" }, + { "enctype", 'e', arg_string, NULL, "enctype to remove" }, + { "help", 'h', arg_flag, NULL } + }; + int num_args = sizeof(args) / sizeof(args[0]); + int optind = 0; + int i = 0; + args[i++].value = &principal_string; + args[i++].value = &kvno; + args[i++].value = &keytype_string; + args[i++].value = &help_flag; + if(getarg(args, num_args, argc, argv, &optind)) { + arg_printusage(args, num_args, "ktutil remove", ""); + return 0; + } + if(help_flag) { + arg_printusage(args, num_args, "ktutil remove", ""); + return 0; + } + if(principal_string) { + ret = krb5_parse_name(context, principal_string, &principal); if(ret) { - krb5_warn(context, ret, "%s", opt->principal_string); - return 1; + krb5_warn(context, ret, "%s", principal_string); + return 0; } } - if(opt->enctype_string) { - ret = krb5_string_to_enctype(context, opt->enctype_string, &enctype); + if(keytype_string) { + ret = krb5_string_to_enctype(context, keytype_string, &enctype); if(ret) { int t; - if(sscanf(opt->enctype_string, "%d", &t) == 1) + if(sscanf(keytype_string, "%d", &t) == 1) enctype = t; else { - krb5_warn(context, ret, "%s", opt->enctype_string); + krb5_warn(context, ret, "%s", keytype_string); if(principal) krb5_free_principal(context, principal); - return 1; + return 0; } } } - if (!principal && !enctype && !opt->kvno_integer) { + if (!principal && !enctype && !kvno) { krb5_warnx(context, "You must give at least one of " "principal, enctype or kvno."); - return 1; + return 0; } - - if((keytab = ktutil_open_keytab()) == NULL) - return 1; - entry.principal = principal; entry.keyblock.keytype = enctype; - entry.vno = opt->kvno_integer; + entry.vno = kvno; ret = krb5_kt_remove_entry(context, keytab, &entry); - krb5_kt_close(context, keytab); if(ret) krb5_warn(context, ret, "remove"); if(principal) krb5_free_principal(context, principal); - return ret != 0; + return 0; } diff --git a/kerberosV/src/appl/afsutil/ChangeLog b/kerberosV/src/appl/afsutil/ChangeLog index 600d049cb4b..af83aef2cca 100644 --- a/kerberosV/src/appl/afsutil/ChangeLog +++ b/kerberosV/src/appl/afsutil/ChangeLog @@ -1,75 +1,3 @@ -2005-02-12 Love Hörnquist Åstrand <lha@it.su.se> - - * Makefile.am: man_MANS += pagsh.1 - - * pagsh.c: add --cache-type that allows the user to control the - resulting credential cache type, inherit the type from the - invoking process - - * pagsh.1: manpage for pagsh - -2004-09-03 Love Hörnquist Åstrand <lha@it.su.se> - - * afslog.c: use negative string help string for arg_negative_flag - Pointed out by Harald Barth - -2004-07-27 Love Hörnquist Åstrand <lha@it.su.se> - - * pagsh.c: use setprogname, if we stripped off -c, try use the - fallback code - -2003-10-14 Johan Danielsson <joda@pdc.kth.se> - - * pagsh.c: mkstemp formats must end in exactly six X's - -2003-07-15 Love Hörnquist Åstrand <lha@it.su.se> - - * afslog.c (do_afslog): is cell is unset, set it "<default cell>" - for error printing - - * pagsh.c: unconditionally set KRBTKFILE - -2003-04-23 Love Hörnquist Åstrand <lha@it.su.se> - - * afslog.c (log_func): drop the error number - -2003-04-14 Love Hörnquist Åstrand <lha@it.su.se> - - * afslog.c: set kafs log function if verbose is turned on - -2003-03-18 Love Hörnquist Åstrand <lha@it.su.se> - - * Makefile.am (LDADD): use LIB_kafs - - * afslog.1: --no-v4, --no-v5 - - * Makefile.am: always build afsutils now - - * afslog.c: make build without KRB4 - -2002-11-26 Johan Danielsson <joda@pdc.kth.se> - - * afslog.c: remove plural form in help string - - * Makefile.am: add afslog manpage - - * afslog.1: manpage - - * afslog.c: try more files when trying to expand a cell name - - * afslog.c: create a list of cells to get tokens for, before - actually doing anything, and try to get tokens via krb4 if krb5 - fails, and give it a chance to work with krb4-only; also some bug - fixes, partially from Tomas Olsson. - -2002-08-23 Assar Westerlund <assar@kth.se> - - * pagsh.c: make it handle --version/--help - -2001-05-17 Assar Westerlund <assar@sics.se> - - * afslog.c (main): call free_getarg_strings - 2000-12-31 Assar Westerlund <assar@sics.se> * afslog.c (main): handle krb5_init_context failure consistently diff --git a/kerberosV/src/appl/test/common.c b/kerberosV/src/appl/test/common.c index 40b6400c2ac..49bb91fe466 100644 --- a/kerberosV/src/appl/test/common.c +++ b/kerberosV/src/appl/test/common.c @@ -33,7 +33,7 @@ #include "test_locl.h" -RCSID("$KTH: common.c,v 1.12 2003/09/09 03:38:04 lha Exp $"); +RCSID("$KTH: common.c,v 1.11 2000/08/27 04:29:34 assar Exp $"); static int help_flag; static int version_flag; @@ -41,14 +41,12 @@ static char *port_str; static char *keytab_str; krb5_keytab keytab; char *service = SERVICE; -char *mech = "krb5"; int fork_flag; static struct getargs args[] = { { "port", 'p', arg_string, &port_str, "port to listen to", "port" }, { "service", 's', arg_string, &service, "service to use", "service" }, { "keytab", 'k', arg_string, &keytab_str, "keytab to use", "keytab" }, - { "mech", 'm', arg_string, &mech, "gssapi mech to use", "mech" }, { "fork", 'f', arg_flag, &fork_flag, "do fork" }, { "help", 'h', arg_flag, &help_flag }, { "version", 0, arg_flag, &version_flag } diff --git a/kerberosV/src/appl/test/gss_common.c b/kerberosV/src/appl/test/gss_common.c index fa4327e7e94..e74193c187f 100644 --- a/kerberosV/src/appl/test/gss_common.c +++ b/kerberosV/src/appl/test/gss_common.c @@ -34,7 +34,7 @@ #include "test_locl.h" #include <gssapi.h> #include "gss_common.h" -RCSID("$KTH: gss_common.c,v 1.11 2005/03/19 03:10:56 lha Exp $"); +RCSID("$KTH: gss_common.c,v 1.9 2000/11/15 23:05:27 assar Exp $"); void write_token (int sock, gss_buffer_t buf) @@ -116,36 +116,3 @@ gss_err(int exitval, int status, const char *fmt, ...) va_end(args); } -gss_OID -select_mech(const char *mech) -{ - if (strcasecmp(mech, "krb5") == 0) - return GSS_KRB5_MECHANISM; - else if (strcasecmp(mech, "spnego") == 0) - return GSS_SPNEGO_MECHANISM; - else if (strcasecmp(mech, "no-oid") == 0) - return GSS_C_NO_OID; - else - errx (1, "Unknown mechanism '%s' (spnego, krb5, no-oid)", mech); -} - -void -print_gss_name(const char *prefix, gss_name_t name) -{ - OM_uint32 maj_stat, min_stat; - gss_buffer_desc name_token; - - maj_stat = gss_display_name (&min_stat, - name, - &name_token, - NULL); - if (GSS_ERROR(maj_stat)) - gss_err (1, min_stat, "gss_display_name"); - - fprintf (stderr, "%s `%.*s'\n", prefix, - (int)name_token.length, - (char *)name_token.value); - - gss_release_buffer (&min_stat, &name_token); - -} diff --git a/kerberosV/src/appl/test/gss_common.h b/kerberosV/src/appl/test/gss_common.h index 3558219163b..e1609f444f5 100644 --- a/kerberosV/src/appl/test/gss_common.h +++ b/kerberosV/src/appl/test/gss_common.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $KTH: gss_common.h,v 1.7 2005/03/19 03:13:14 lha Exp $ */ +/* $KTH: gss_common.h,v 1.5 1999/12/02 17:04:56 joda Exp $ */ void write_token (int sock, gss_buffer_t buf); void read_token (int sock, gss_buffer_t buf); @@ -43,7 +43,3 @@ void gss_verr(int exitval, int status, const char *fmt, va_list ap) void gss_err(int exitval, int status, const char *fmt, ...) __attribute__ ((format (printf, 3, 4))); - -gss_OID select_mech(const char *); - -void print_gss_name(const char *, gss_name_t); diff --git a/kerberosV/src/appl/test/gssapi_client.c b/kerberosV/src/appl/test/gssapi_client.c index ed69083f88d..4662afc88e8 100644 --- a/kerberosV/src/appl/test/gssapi_client.c +++ b/kerberosV/src/appl/test/gssapi_client.c @@ -34,7 +34,7 @@ #include "test_locl.h" #include <gssapi.h> #include "gss_common.h" -RCSID("$KTH: gssapi_client.c,v 1.19 2003/09/10 09:32:42 lha Exp $"); +RCSID("$KTH: gssapi_client.c,v 1.16 2000/08/09 20:53:06 assar Exp $"); static int do_trans (int sock, gss_ctx_id_t context_hdl) @@ -65,17 +65,6 @@ do_trans (int sock, gss_ctx_id_t context_hdl) input_token->length = 7; input_token->value = "hemligt"; - maj_stat = gss_wrap (&min_stat, - context_hdl, - 0, - GSS_C_QOP_DEFAULT, - input_token, - NULL, - output_token); - if (GSS_ERROR(maj_stat)) - gss_err (1, min_stat, "gss_wrap"); - - write_token (sock, output_token); maj_stat = gss_wrap (&min_stat, context_hdl, @@ -109,9 +98,6 @@ proto (int sock, const char *hostname, const char *service) struct gss_channel_bindings_struct input_chan_bindings; u_char init_buf[4]; u_char acct_buf[4]; - gss_OID mech_oid; - - mech_oid = select_mech(mech); name_token.length = asprintf ((char **)&name_token.value, "%s@%s", service, hostname); @@ -169,7 +155,7 @@ proto (int sock, const char *hostname, const char *service) GSS_C_NO_CREDENTIAL, &context_hdl, server, - mech_oid, + GSS_C_NO_OID, GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG, 0, diff --git a/kerberosV/src/appl/test/gssapi_server.c b/kerberosV/src/appl/test/gssapi_server.c index 98568077a0a..ed7b1b56cd9 100644 --- a/kerberosV/src/appl/test/gssapi_server.c +++ b/kerberosV/src/appl/test/gssapi_server.c @@ -34,7 +34,7 @@ #include "test_locl.h" #include <gssapi.h> #include "gss_common.h" -RCSID("$KTH: gssapi_server.c,v 1.21 2005/04/10 14:47:41 lha Exp $"); +RCSID("$KTH: gssapi_server.c,v 1.15 2000/08/09 20:53:07 assar Exp $"); static int process_it(int sock, @@ -43,31 +43,22 @@ process_it(int sock, ) { OM_uint32 maj_stat, min_stat; + gss_buffer_desc name_token; gss_buffer_desc real_input_token, real_output_token; gss_buffer_t input_token = &real_input_token, output_token = &real_output_token; - gss_name_t server_name; - int conf_flag; - - print_gss_name("User is", client_name); - - maj_stat = gss_inquire_context(&min_stat, - context_hdl, - NULL, - &server_name, - NULL, - NULL, - NULL, - NULL, - NULL); + + maj_stat = gss_display_name (&min_stat, + client_name, + &name_token, + NULL); if (GSS_ERROR(maj_stat)) - gss_err (1, min_stat, "gss_inquire_context"); + gss_err (1, min_stat, "gss_display_name"); - print_gss_name("Server is", server_name); + fprintf (stderr, "User is `%.*s'\n", (int)name_token.length, + (char *)name_token.value); - maj_stat = gss_release_name(&min_stat, &server_name); - if (GSS_ERROR(maj_stat)) - gss_err (1, min_stat, "gss_release_name"); + gss_release_buffer (&min_stat, &name_token); /* gss_verify_mic */ @@ -96,32 +87,13 @@ process_it(int sock, context_hdl, input_token, output_token, - &conf_flag, - NULL); - if(GSS_ERROR(maj_stat)) - gss_err (1, min_stat, "gss_unwrap"); - - fprintf (stderr, "gss_unwrap: %.*s %s\n", (int)output_token->length, - (char *)output_token->value, - conf_flag ? "CONF" : "INT"); - - gss_release_buffer (&min_stat, input_token); - gss_release_buffer (&min_stat, output_token); - - read_token (sock, input_token); - - maj_stat = gss_unwrap (&min_stat, - context_hdl, - input_token, - output_token, - &conf_flag, + NULL, NULL); if(GSS_ERROR(maj_stat)) gss_err (1, min_stat, "gss_unwrap"); - fprintf (stderr, "gss_unwrap: %.*s %s\n", (int)output_token->length, - (char *)output_token->value, - conf_flag ? "CONF" : "INT"); + fprintf (stderr, "gss_unwrap: %.*s\n", (int)output_token->length, + (char *)output_token->value); gss_release_buffer (&min_stat, input_token); gss_release_buffer (&min_stat, output_token); @@ -145,8 +117,6 @@ proto (int sock, const char *service) krb5_ccache ccache; u_char init_buf[4]; u_char acct_buf[4]; - gss_OID mech_oid; - char *mech, *p; addrlen = sizeof(local); if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0 @@ -186,7 +156,8 @@ proto (int sock, const char *service) input_chan_bindings.application_data.value = NULL; #endif - delegated_cred_handle = GSS_C_NO_CREDENTIAL; + delegated_cred_handle = emalloc(sizeof(*delegated_cred_handle)); + memset((char*)delegated_cred_handle, 0, sizeof(*delegated_cred_handle)); do { read_token (sock, input_token); @@ -197,11 +168,11 @@ proto (int sock, const char *service) input_token, &input_chan_bindings, &client_name, - &mech_oid, + NULL, output_token, NULL, NULL, - &delegated_cred_handle); + /*&delegated_cred_handle*/ NULL); if(GSS_ERROR(maj_stat)) gss_err (1, min_stat, "gss_accept_sec_context"); if (output_token->length != 0) @@ -215,43 +186,15 @@ proto (int sock, const char *service) } } while(maj_stat & GSS_S_CONTINUE_NEEDED); - p = (char *)mech_oid->elements; - if (mech_oid->length == GSS_KRB5_MECHANISM->length - && memcmp(p, GSS_KRB5_MECHANISM->elements, mech_oid->length) == 0) - mech = "Kerberos 5"; - else if (mech_oid->length == GSS_SPNEGO_MECHANISM->length - && memcmp(p, GSS_SPNEGO_MECHANISM->elements, mech_oid->length) == 0) - mech = "SPNEGO"; /* XXX Silly, wont show up */ - else - mech = "Unknown"; - - printf("Using mech: %s\n", mech); - - if (delegated_cred_handle != GSS_C_NO_CREDENTIAL) { + if (delegated_cred_handle->ccache) { krb5_context context; - printf("Delegated cred found\n"); - maj_stat = krb5_init_context(&context); maj_stat = krb5_cc_resolve(context, "FILE:/tmp/krb5cc_test", &ccache); - maj_stat = gss_krb5_copy_ccache(&min_stat, - delegated_cred_handle, - ccache); - if (maj_stat == 0) { - krb5_principal p; - maj_stat = krb5_cc_get_principal(context, ccache, &p); - if (maj_stat == 0) { - char *name; - maj_stat = krb5_unparse_name(context, p, &name); - if (maj_stat == 0) { - printf("Delegated user is: `%s'\n", name); - free(name); - } - krb5_free_principal(context, p); - } - } + maj_stat = krb5_cc_copy_cache(context, + delegated_cred_handle->ccache, ccache); krb5_cc_close(context, ccache); - gss_release_cred(&min_stat, &delegated_cred_handle); + krb5_cc_destroy(context, delegated_cred_handle->ccache); } if (fork_flag) { diff --git a/kerberosV/src/appl/test/nt_gss_server.c b/kerberosV/src/appl/test/nt_gss_server.c index 02a5503647c..987616ea28d 100644 --- a/kerberosV/src/appl/test/nt_gss_server.c +++ b/kerberosV/src/appl/test/nt_gss_server.c @@ -36,7 +36,7 @@ #include <krb5.h> #include "nt_gss_common.h" -RCSID("$KTH: nt_gss_server.c,v 1.6 2003/05/21 15:15:34 lha Exp $"); +RCSID("$KTH: nt_gss_server.c,v 1.5 2000/08/09 20:53:07 assar Exp $"); /* * This program tries to act as a server for the sample in `Sample @@ -116,18 +116,13 @@ proto (int sock, const char *service) if (auth_file != NULL) { int fd = open (auth_file, O_WRONLY | O_CREAT, 0666); -#if 0 - krb5_ticket *ticket; - krb5_data *data; - - ticket = context_hdl->ticket; - data = &ticket->ticket.authorization_data->val[0].ad_data; + krb5_ticket *ticket = context_hdl->ticket; + krb5_data *data = &ticket->ticket.authorization_data->val[0].ad_data; if(fd < 0) err (1, "open %s", auth_file); if (write (fd, data->data, data->length) != data->length) errx (1, "write to %s failed", auth_file); -#endif if (close (fd)) err (1, "close %s", auth_file); } diff --git a/kerberosV/src/appl/test/test_locl.h b/kerberosV/src/appl/test/test_locl.h index 4eb06bb7097..0cf57f0b4bd 100644 --- a/kerberosV/src/appl/test/test_locl.h +++ b/kerberosV/src/appl/test/test_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $KTH: test_locl.h,v 1.10 2003/09/09 03:38:51 lha Exp $ */ +/* $KTH: test_locl.h,v 1.9 2000/08/27 04:29:54 assar Exp $ */ #ifdef HAVE_CONFIG_H #include <config.h> @@ -79,7 +79,6 @@ #define PORT "test" extern char *service; -extern char *mech; extern krb5_keytab keytab; extern int fork_flag; int server_setup(krb5_context*, int, char**); diff --git a/kerberosV/src/appl/test/uu_client.c b/kerberosV/src/appl/test/uu_client.c index 4c3583d1df3..50e3095c5b9 100644 --- a/kerberosV/src/appl/test/uu_client.c +++ b/kerberosV/src/appl/test/uu_client.c @@ -32,7 +32,7 @@ */ #include "test_locl.h" -RCSID("$KTH: uu_client.c,v 1.11 2005/04/03 19:53:32 lha Exp $"); +RCSID("$KTH: uu_client.c,v 1.7 2000/12/31 07:41:39 assar Exp $"); krb5_context context; @@ -50,7 +50,6 @@ proto (int sock, const char *hostname, const char *service) krb5_data data; krb5_data packet; krb5_creds mcred, cred; - krb5_ticket *ticket; addrlen = sizeof(local); if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0 @@ -89,8 +88,6 @@ proto (int sock, const char *hostname, const char *service) if (status) krb5_err(context, 1, status, "krb5_auth_con_setaddr"); - krb5_cc_clear_mcred(&mcred); - status = krb5_cc_get_principal(context, ccache, &client); if(status) krb5_err(context, 1, status, "krb5_cc_get_principal"); @@ -101,7 +98,6 @@ proto (int sock, const char *hostname, const char *service) NULL); if(status) krb5_err(context, 1, status, "krb5_make_principal"); - mcred.client = client; status = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred); if(status) @@ -130,25 +126,11 @@ proto (int sock, const char *hostname, const char *service) krb5_err(context, 1, status, "krb5_auth_con_setuserkey"); status = krb5_recvauth(context, &auth_context, &sock, - VERSION, client, 0, NULL, &ticket); + VERSION, client, 0, NULL, NULL); if (status) krb5_err(context, 1, status, "krb5_recvauth"); - if (ticket->ticket.authorization_data) { - AuthorizationData *authz; - int i; - - printf("Authorization data:\n"); - - authz = ticket->ticket.authorization_data; - for (i = 0; i < authz->len; i++) { - printf("\ttype %d, length %lu\n", - authz->val[i].ad_type, - (unsigned long)authz->val[i].ad_data.length); - } - } - data.data = "hej"; data.length = 3; diff --git a/kerberosV/src/config.sub b/kerberosV/src/config.sub index 264f820aa55..42fc991d08a 100644 --- a/kerberosV/src/config.sub +++ b/kerberosV/src/config.sub @@ -1,9 +1,9 @@ #! /bin/sh -# Configuration validation subroutine script. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003 Free Software Foundation, Inc. +# Configuration validation subroutine script, version 1.1. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. -timestamp='2004-02-23' +version='2000-09-11' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -29,8 +29,7 @@ timestamp='2004-02-23' # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. -# Please send patches to <config-patches@gnu.org>. Submit a context -# diff and a properly formatted ChangeLog entry. +# Please send patches to <config-patches@gnu.org>. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. @@ -61,30 +60,16 @@ Usage: $0 [OPTION] CPU-MFR-OPSYS Canonicalize a configuration name. Operation modes: - -h, --help print this help, then exit - -t, --time-stamp print date of last modification, then exit - -v, --version print version number, then exit - -Report bugs and patches to <config-patches@gnu.org>." - -version="\ -GNU config.sub ($timestamp) - -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 -Free Software Foundation, Inc. - -This is free software; see the source for copying conditions. There is NO -warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + -h, --help print this help, then exit + -V, --version print version number, then exit" help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do - case $1 in - --time-stamp | --time* | -t ) - echo "$timestamp" ; exit 0 ;; - --version | -v ) + case "$1" in + --version | --vers* | -V ) echo "$version" ; exit 0 ;; --help | --h* | -h ) echo "$usage"; exit 0 ;; @@ -93,7 +78,9 @@ while test $# -gt 0 ; do - ) # Use stdin as input. break ;; -* ) - echo "$me: invalid option $1$help" + exec >&2 + echo "$me: invalid option $1" + echo "$help" exit 1 ;; *local*) @@ -118,8 +105,7 @@ esac # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in - nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \ - kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) + nto-qnx* | linux-gnu*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; @@ -159,14 +145,6 @@ case $os in os=-vxworks basic_machine=$1 ;; - -chorusos*) - os=-chorusos - basic_machine=$1 - ;; - -chorusrdb) - os=-chorusrdb - basic_machine=$1 - ;; -hiux*) os=-hiuxwe2 ;; @@ -225,50 +203,22 @@ esac case $basic_machine in # Recognize the basic CPU types without company name. # Some are omitted here because they have special meanings below. - 1750a | 580 \ - | a29k \ - | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ - | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ - | am33_2.0 \ - | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ - | c4x | clipper \ - | d10v | d30v | dlx | dsp16xx \ - | fr30 | frv \ - | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ - | i370 | i860 | i960 | ia64 \ - | ip2k | iq2000 \ - | m32r | m68000 | m68k | m88k | mcore \ - | mips | mipsbe | mipseb | mipsel | mipsle \ - | mips16 \ - | mips64 | mips64el \ - | mips64vr | mips64vrel \ - | mips64orion | mips64orionel \ - | mips64vr4100 | mips64vr4100el \ - | mips64vr4300 | mips64vr4300el \ - | mips64vr5000 | mips64vr5000el \ - | mipsisa32 | mipsisa32el \ - | mipsisa32r2 | mipsisa32r2el \ - | mipsisa64 | mipsisa64el \ - | mipsisa64r2 | mipsisa64r2el \ - | mipsisa64sb1 | mipsisa64sb1el \ - | mipsisa64sr71k | mipsisa64sr71kel \ - | mipstx39 | mipstx39el \ - | mn10200 | mn10300 \ - | msp430 \ - | ns16k | ns32k \ - | openrisc | or32 \ - | pdp10 | pdp11 | pj | pjl \ - | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ - | pyramid \ - | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ - | sh64 | sh64le \ - | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \ - | strongarm \ - | tahoe | thumb | tic4x | tic80 | tron \ - | v850 | v850e \ - | we32k \ - | x86 | xscale | xstormy16 | xtensa \ - | z8k) + tahoe | i860 | ia64 | m32r | m68k | m68000 | m88k | ns32k | arc | arm \ + | arme[lb] | armv[2345] | armv[345][lb] | pyramid | mn10200 | mn10300 | tron | a29k \ + | 580 | i960 | h8300 \ + | x86 | ppcbe | mipsbe | mipsle | shbe | shle | armbe | armle \ + | hppa | hppa1.0 | hppa1.1 | hppa2.0 | hppa2.0w | hppa2.0n \ + | hppa64 \ + | alpha | alphaev[4-8] | alphaev56 | alphapca5[67] \ + | alphaev6[78] \ + | we32k | ns16k | clipper | i370 | sh | sh[34] \ + | powerpc | powerpcle \ + | 1750a | dsp16xx | pdp11 | mips16 | mips64 | mipsel | mips64el \ + | mips64orion | mips64orionel | mipstx39 | mipstx39el \ + | mips64vr4300 | mips64vr4300el | mips64vr4100 | mips64vr4100el \ + | mips64vr5000 | miprs64vr5000el | mcore \ + | sparc | sparclet | sparclite | sparc64 | sparcv9 | v850 | c4x \ + | thumb | d10v | d30v | fr30 | avr) basic_machine=$basic_machine-unknown ;; m6811 | m68hc11 | m6812 | m68hc12) @@ -276,13 +226,13 @@ case $basic_machine in basic_machine=$basic_machine-unknown os=-none ;; - m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | z8k | v70 | h8500 | w65 | pj | pjl) ;; # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. - i*86 | x86_64) + i[234567]86 | x86_64) basic_machine=$basic_machine-pc ;; # Object if more than one company name word. @@ -291,61 +241,28 @@ case $basic_machine in exit 1 ;; # Recognize the basic CPU types with company name. - 580-* \ - | a29k-* \ - | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ - | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ - | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ - | avr-* \ - | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ - | clipper-* | cydra-* \ - | d10v-* | d30v-* | dlx-* \ - | elxsi-* \ - | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ - | h8300-* | h8500-* \ - | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ - | i*86-* | i860-* | i960-* | ia64-* \ - | ip2k-* | iq2000-* \ - | m32r-* \ - | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | mcore-* \ - | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ - | mips16-* \ - | mips64-* | mips64el-* \ - | mips64vr-* | mips64vrel-* \ - | mips64orion-* | mips64orionel-* \ - | mips64vr4100-* | mips64vr4100el-* \ - | mips64vr4300-* | mips64vr4300el-* \ - | mips64vr5000-* | mips64vr5000el-* \ - | mipsisa32-* | mipsisa32el-* \ - | mipsisa32r2-* | mipsisa32r2el-* \ - | mipsisa64-* | mipsisa64el-* \ - | mipsisa64r2-* | mipsisa64r2el-* \ - | mipsisa64sb1-* | mipsisa64sb1el-* \ - | mipsisa64sr71k-* | mipsisa64sr71kel-* \ - | mipstx39-* | mipstx39el-* \ - | msp430-* \ - | none-* | np1-* | nv1-* | ns16k-* | ns32k-* \ - | orion-* \ - | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ - | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ - | pyramid-* \ - | romp-* | rs6000-* \ - | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \ - | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ - | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \ - | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ - | tahoe-* | thumb-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ - | tron-* \ - | v850-* | v850e-* | vax-* \ - | we32k-* \ - | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \ - | xtensa-* \ - | ymp-* \ - | z8k-*) + # FIXME: clean up the formatting here. + vax-* | tahoe-* | i[234567]86-* | i860-* | ia64-* | m32r-* | m68k-* | m68000-* \ + | m88k-* | sparc-* | ns32k-* | fx80-* | arc-* | arm-* | c[123]* \ + | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* \ + | power-* | none-* | 580-* | cray2-* | h8300-* | h8500-* | i960-* \ + | xmp-* | ymp-* \ + | x86-* | ppcbe-* | mipsbe-* | mipsle-* | shbe-* | shle-* | armbe-* | armle-* \ + | hppa-* | hppa1.0-* | hppa1.1-* | hppa2.0-* | hppa2.0w-* \ + | hppa2.0n-* | hppa64-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphapca5[67]-* \ + | alphaev6[78]-* \ + | we32k-* | cydra-* | ns16k-* | pn-* | np1-* | xps100-* \ + | clipper-* | orion-* \ + | sparclite-* | pdp11-* | sh-* | powerpc-* | powerpcle-* \ + | sparc64-* | sparcv9-* | sparc86x-* | mips16-* | mips64-* | mipsel-* \ + | mips64el-* | mips64orion-* | mips64orionel-* \ + | mips64vr4100-* | mips64vr4100el-* | mips64vr4300-* | mips64vr4300el-* \ + | mipstx39-* | mipstx39el-* | mcore-* \ + | f301-* | armv*-* | s390-* | sv1-* | t3e-* \ + | m88110-* | m680[01234]0-* | m683?2-* | m68360-* | z8k-* | d10v-* \ + | thumb-* | v850-* | d30v-* | tic30-* | c30-* | fr30-* \ + | bs2000-* | tic54x-* | c54x-* | x86_64-*) ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. @@ -363,9 +280,6 @@ case $basic_machine in basic_machine=a29k-amd os=-udi ;; - abacus) - basic_machine=abacus-unknown - ;; adobe68k) basic_machine=m68010-adobe os=-scout @@ -380,12 +294,6 @@ case $basic_machine in basic_machine=a29k-none os=-bsd ;; - amd64) - basic_machine=x86_64-pc - ;; - amd64-*) - basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; amdahl) basic_machine=580-amdahl os=-sysv @@ -417,10 +325,6 @@ case $basic_machine in basic_machine=ns32k-sequent os=-dynix ;; - c90) - basic_machine=c90-cray - os=-unicos - ;; convex-c1) basic_machine=c1-convex os=-bsd @@ -441,13 +345,17 @@ case $basic_machine in basic_machine=c38-convex os=-bsd ;; - cray | j90) - basic_machine=j90-cray + cray | ymp) + basic_machine=ymp-cray os=-unicos ;; - cr16c) - basic_machine=cr16c-unknown - os=-elf + cray2) + basic_machine=cray2-cray + os=-unicos + ;; + [ctj]90-cray) + basic_machine=c90-cray + os=-unicos ;; crds | unos) basic_machine=m68k-crds @@ -455,24 +363,12 @@ case $basic_machine in cris | cris-* | etrax*) basic_machine=cris-axis ;; - crx) - basic_machine=crx-unknown - os=-elf - ;; da30 | da30-*) basic_machine=m68k-da30 ;; decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) basic_machine=mips-dec ;; - decsystem10* | dec10*) - basic_machine=pdp10-dec - os=-tops10 - ;; - decsystem20* | dec20*) - basic_machine=pdp10-dec - os=-tops20 - ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) basic_machine=m68k-motorola @@ -514,10 +410,6 @@ case $basic_machine in basic_machine=tron-gmicro os=-sysv ;; - go32) - basic_machine=i386-pc - os=-go32 - ;; h3050r* | hiux*) basic_machine=hppa1.1-hitachi os=-hiuxwe2 @@ -593,19 +485,19 @@ case $basic_machine in basic_machine=i370-ibm ;; # I'm not sure what "Sysv32" means. Should this be sysv3.2? - i*86v32) + i[34567]86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; - i*86v4*) + i[34567]86v4*) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; - i*86v) + i[34567]86v) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv ;; - i*86sol2) + i[34567]86sol2) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; @@ -617,6 +509,18 @@ case $basic_machine in basic_machine=i386-unknown os=-vsta ;; + i386-go32 | go32) + basic_machine=i386-unknown + os=-go32 + ;; + i386-mingw32 | mingw32) + basic_machine=i386-unknown + os=-mingw32 + ;; + i[34567]86-pw32 | pw32) + basic_machine=i586-unknown + os=-pw32 + ;; iris | iris4d) basic_machine=mips-sgi case $os in @@ -642,10 +546,6 @@ case $basic_machine in basic_machine=ns32k-utek os=-sysv ;; - mingw32) - basic_machine=i386-pc - os=-mingw32 - ;; miniframe) basic_machine=m68000-convergent ;; @@ -653,6 +553,14 @@ case $basic_machine in basic_machine=m68k-atari os=-mint ;; + mipsel*-linux*) + basic_machine=mipsel-unknown + os=-linux-gnu + ;; + mips*-linux*) + basic_machine=mips-unknown + os=-linux-gnu + ;; mips3*-*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` ;; @@ -667,12 +575,8 @@ case $basic_machine in basic_machine=m68k-rom68k os=-coff ;; - morphos) - basic_machine=powerpc-unknown - os=-morphos - ;; msdos) - basic_machine=i386-pc + basic_machine=i386-unknown os=-msdos ;; mvs) @@ -736,17 +640,9 @@ case $basic_machine in basic_machine=i960-intel os=-mon960 ;; - nonstopux) - basic_machine=mips-compaq - os=-nonstopux - ;; np1) basic_machine=np1-gould ;; - nv1) - basic_machine=nv1-cray - os=-unicosmp - ;; nsr-tandem) basic_machine=nsr-tandem ;; @@ -754,14 +650,6 @@ case $basic_machine in basic_machine=hppa1.1-oki os=-proelf ;; - or32 | or32-*) - basic_machine=or32-unknown - os=-coff - ;; - os400) - basic_machine=powerpc-ibm - os=-os400 - ;; OSE68000 | ose68000) basic_machine=m68000-ericsson os=-ose @@ -784,65 +672,45 @@ case $basic_machine in pbb) basic_machine=m68k-tti ;; - pc532 | pc532-*) + pc532 | pc532-*) basic_machine=ns32k-pc532 ;; - pentium | p5 | k5 | k6 | nexgen | viac3) + pentium | p5 | k5 | k6 | nexen) basic_machine=i586-pc ;; - pentiumpro | p6 | 6x86 | athlon | athlon_*) + pentiumpro | p6 | 6x86 | athlon) basic_machine=i686-pc ;; - pentiumii | pentium2 | pentiumiii | pentium3) - basic_machine=i686-pc - ;; - pentium4) + pentiumii | pentium2) basic_machine=i786-pc ;; - pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) + pentium-* | p5-* | k5-* | k6-* | nexen-*) basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumpro-* | p6-* | 6x86-* | athlon-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; - pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentium4-*) + pentiumii-* | pentium2-*) basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pn) basic_machine=pn-gould ;; - power) basic_machine=power-ibm + power) basic_machine=rs6000-ibm ;; ppc) basic_machine=powerpc-unknown - ;; + ;; ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown - ;; + ;; ppcle-* | powerpclittle-*) basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` ;; - ppc64) basic_machine=powerpc64-unknown - ;; - ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppc64le | powerpc64little | ppc64-le | powerpc64-little) - basic_machine=powerpc64le-unknown - ;; - ppc64le-* | powerpc64little-*) - basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; ps2) basic_machine=i386-ibm ;; - pw32) - basic_machine=i586-unknown - os=-pw32 - ;; rom68k) basic_machine=m68k-rom68k os=-coff @@ -853,26 +721,10 @@ case $basic_machine in rtpc | rtpc-*) basic_machine=romp-ibm ;; - s390 | s390-*) - basic_machine=s390-ibm - ;; - s390x | s390x-*) - basic_machine=s390x-ibm - ;; sa29200) basic_machine=a29k-amd os=-udi ;; - sb1) - basic_machine=mipsisa64sb1-unknown - ;; - sb1el) - basic_machine=mipsisa64sb1el-unknown - ;; - sei) - basic_machine=mips-sei - os=-seiux - ;; sequent) basic_machine=i386-sequent ;; @@ -880,10 +732,7 @@ case $basic_machine in basic_machine=sh-hitachi os=-hms ;; - sh64) - basic_machine=sh64-unknown - ;; - sparclite-wrs | simso-wrs) + sparclite-wrs) basic_machine=sparclite-wrs os=-vxworks ;; @@ -950,42 +799,22 @@ case $basic_machine in os=-dynix ;; t3e) - basic_machine=alphaev5-cray - os=-unicos - ;; - t90) - basic_machine=t90-cray + basic_machine=t3e-cray os=-unicos ;; tic54x | c54x*) basic_machine=tic54x-unknown os=-coff ;; - tic55x | c55x*) - basic_machine=tic55x-unknown - os=-coff - ;; - tic6x | c6x*) - basic_machine=tic6x-unknown - os=-coff - ;; tx39) basic_machine=mipstx39-unknown ;; tx39el) basic_machine=mipstx39el-unknown ;; - toad1) - basic_machine=pdp10-xkl - os=-tops20 - ;; tower | tower-32) basic_machine=m68k-ncr ;; - tpf) - basic_machine=s390x-ibm - os=-tpf - ;; udi29k) basic_machine=a29k-amd os=-udi @@ -1007,8 +836,8 @@ case $basic_machine in os=-vms ;; vpp*|vx|vx-*) - basic_machine=f301-fujitsu - ;; + basic_machine=f301-fujitsu + ;; vxworks960) basic_machine=i960-wrs os=-vxworks @@ -1029,13 +858,13 @@ case $basic_machine in basic_machine=hppa1.1-winbond os=-proelf ;; - xps | xps100) - basic_machine=xps100-honeywell - ;; - ymp) - basic_machine=ymp-cray + xmp) + basic_machine=xmp-cray os=-unicos ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; z8k-*-coff) basic_machine=z8k-unknown os=-sim @@ -1056,6 +885,13 @@ case $basic_machine in op60c) basic_machine=hppa1.1-oki ;; + mips) + if [ x$os = x-linux-gnu ]; then + basic_machine=mips-unknown + else + basic_machine=mips-mips + fi + ;; romp) basic_machine=romp-ibm ;; @@ -1065,26 +901,19 @@ case $basic_machine in vax) basic_machine=vax-dec ;; - pdp10) - # there are many clones, so DEC is not a safe bet - basic_machine=pdp10-unknown - ;; pdp11) basic_machine=pdp11-dec ;; we32k) basic_machine=we32k-att ;; - sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele) - basic_machine=sh-unknown + sh3 | sh4) + base_machine=sh-unknown ;; - sh64) - basic_machine=sh64-unknown - ;; - sparc | sparcv9 | sparcv9b) + sparc | sparcv9) basic_machine=sparc-sun ;; - cydra) + cydra) basic_machine=cydra-cydrome ;; orion) @@ -1099,8 +928,9 @@ case $basic_machine in pmac | pmac-mpw) basic_machine=powerpc-apple ;; - *-unknown) - # Make sure to match an already-canonicalized machine name. + c4x*) + basic_machine=c4x-none + os=-coff ;; *) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 @@ -1154,35 +984,27 @@ case $os in | -aos* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ - | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \ - | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ - | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \ + | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \ - | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ - | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ - | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ - | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ - | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ - | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly*) + | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) case $basic_machine in - x86-* | i*86-*) + x86-* | i[34567]86-*) ;; *) os=-nto$os ;; esac ;; - -nto-qnx*) - ;; -nto*) - os=`echo $os | sed -e 's|nto|nto-qnx|'` + os=-nto-qnx ;; -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ | -windows* | -osx | -abug | -netware* | -os9* | -beos* \ @@ -1191,9 +1013,6 @@ case $os in -mac*) os=`echo $os | sed -e 's|mac|macos|'` ;; - -linux-dietlibc) - os=-linux-dietlibc - ;; -linux*) os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; @@ -1206,9 +1025,6 @@ case $os in -opened*) os=-openedition ;; - -os400*) - os=-os400 - ;; -wince*) os=-wince ;; @@ -1227,23 +1043,14 @@ case $os in -acis*) os=-aos ;; - -atheos*) - os=-atheos - ;; - -syllable*) - os=-syllable - ;; -386bsd) os=-bsd ;; -ctix* | -uts*) os=-sysv ;; - -nova*) - os=-rtmk-nova - ;; -ns2 ) - os=-nextstep2 + os=-nextstep2 ;; -nsk*) os=-nsk @@ -1255,9 +1062,6 @@ case $os in -sinix*) os=-sysv4 ;; - -tpf*) - os=-tpf - ;; -triton*) os=-sysv3 ;; @@ -1285,14 +1089,8 @@ case $os in -xenix) os=-xenix ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - os=-mint - ;; - -aros*) - os=-aros - ;; - -kaos*) - os=-kaos + -*mint | -*MiNT) + os=-mint ;; -none) ;; @@ -1325,14 +1123,7 @@ case $basic_machine in arm*-semi) os=-aout ;; - c4x-* | tic4x-*) - os=-coff - ;; - # This must come before the *-dec entry. - pdp10-*) - os=-tops20 - ;; - pdp11-*) + pdp11-*) os=-none ;; *-dec | vax-*) @@ -1359,9 +1150,6 @@ case $basic_machine in mips*-*) os=-elf ;; - or32-*) - os=-coff - ;; *-tti) # must be before sparc entry or we get the wrong os. os=-sysv3 ;; @@ -1425,25 +1213,25 @@ case $basic_machine in *-next) os=-nextstep3 ;; - *-gould) + *-gould) os=-sysv ;; - *-highlevel) + *-highlevel) os=-bsd ;; *-encore) os=-bsd ;; - *-sgi) + *-sgi) os=-irix ;; - *-siemens) + *-siemens) os=-sysv4 ;; *-masscomp) os=-rtu ;; - f30[01]-fujitsu | f700-fujitsu) + f301-fujitsu) os=-uxpv ;; *-rom68k) @@ -1506,16 +1294,10 @@ case $basic_machine in -mvs* | -opened*) vendor=ibm ;; - -os400*) - vendor=ibm - ;; -ptx*) vendor=sequent ;; - -tpf*) - vendor=ibm - ;; - -vxsim* | -vxworks* | -windiss*) + -vxsim* | -vxworks*) vendor=wrs ;; -aux*) @@ -1527,12 +1309,9 @@ case $basic_machine in -mpw* | -macos*) vendor=apple ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + -*mint | -*MiNT) vendor=atari ;; - -vos*) - vendor=stratus - ;; esac basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` ;; @@ -1543,7 +1322,7 @@ exit 0 # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "timestamp='" +# time-stamp-start: "version='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: |